Vulnerabilities > Adobe > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-06-15 CVE-2023-29289 XML Injection (aka Blind XPath Injection) vulnerability in Adobe Commerce and Magento
Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an XML Injection vulnerability.
network
low complexity
adobe CWE-91
6.5
6.5
2023-06-15 CVE-2023-29290 Missing Support for Integrity Check vulnerability in Adobe Commerce and Magento
Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass.
network
low complexity
adobe CWE-353
5.3
5.3
2023-06-15 CVE-2023-29291 Server-Side Request Forgery (SSRF) vulnerability in Adobe Commerce and Magento
Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read.
network
low complexity
adobe CWE-918
4.9
4.9
2023-06-15 CVE-2023-29292 Server-Side Request Forgery (SSRF) vulnerability in Adobe Commerce and Magento
Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read.
network
low complexity
adobe CWE-918
4.9
4.9
2023-06-15 CVE-2023-29294 Unspecified vulnerability in Adobe Commerce and Magento
Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by a Business Logic Errors vulnerability that could result in a security feature bypass.
network
low complexity
adobe
4.3
4.3
2023-06-15 CVE-2023-29295 Incorrect Authorization vulnerability in Adobe Commerce and Magento
Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass.
network
low complexity
adobe CWE-863
4.3
4.3
2023-06-15 CVE-2023-29296 Incorrect Authorization vulnerability in Adobe Commerce and Magento
Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass.
network
low complexity
adobe CWE-863
4.3
4.3
2023-06-15 CVE-2023-29302 Cross-site Scripting vulnerability in Adobe Experience Manager
Adobe Experience Manager versions 6.5.16.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability.
network
low complexity
adobe CWE-79
5.4
5.4
2023-06-15 CVE-2023-29304 Cross-site Scripting vulnerability in Adobe Experience Manager
Adobe Experience Manager versions 6.5.16.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability.
network
low complexity
adobe CWE-79
5.4
5.4
2023-06-15 CVE-2023-29307 Open Redirect vulnerability in Adobe Experience Manager
Adobe Experience Manager versions 6.5.16.0 (and earlier) is affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability.
network
low complexity
adobe CWE-601
5.4
5.4