Vulnerabilities > Adobe > Medium

DATE CVE VULNERABILITY TITLE RISK
2016-06-16 CVE-2016-4164 Cross-site Scripting vulnerability in Adobe Brackets 1.6
Cross-site scripting (XSS) vulnerability in Adobe Brackets before 1.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
adobe CWE-79
6.1
2016-06-16 CVE-2016-4159 Cross-site Scripting vulnerability in Adobe Coldfusion 10.0/11.0/2016
Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 10 before Update 20, 11 before Update 9, and 2016 before Update 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
adobe CWE-79
6.1
2016-05-11 CVE-2016-1115 Improper Input Validation vulnerability in Adobe Coldfusion 10.0/11.0/2016
Adobe ColdFusion 10 before Update 19, 11 before Update 8, and 2016 before Update 1 mishandles wildcards in name fields of X.509 certificates, which might allow man-in-the-middle attackers to spoof servers via a crafted certificate.
network
high complexity
adobe CWE-20
5.9
2016-05-11 CVE-2016-1113 Cross-site Scripting vulnerability in Adobe Coldfusion 10.0/11.0/2016
Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 10 before Update 19, 11 before Update 8, and 2016 before Update 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
adobe CWE-79
6.1
2016-04-22 CVE-2016-1036 Cross-site Scripting vulnerability in Adobe Analytics Appmeasurement for Flash Library 4.0
Cross-site scripting (XSS) vulnerability in Adobe Analytics AppMeasurement for Flash Library before 4.0.1, when debugTracking is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
adobe CWE-79
6.1
2016-02-10 CVE-2016-0955 Cross-site Scripting vulnerability in Adobe Experience Manager 6.1.0
Cross-site scripting (XSS) vulnerability in Adobe Experience Manager (AEM) 6.1.0 allows remote authenticated users to inject arbitrary web script or HTML via a folder title field that is mishandled in the Deletion popup dialog.
network
low complexity
adobe CWE-79
6.1
2016-02-10 CVE-2016-0950 7PK - Security Features vulnerability in Adobe Connect
Adobe Connect before 9.5.2 allows remote attackers to spoof the user interface via unspecified vectors.
network
low complexity
adobe CWE-254
5.3
2010-05-13 CVE-2010-1282 Infinite Loop vulnerability in Adobe Shockwave Player
Adobe Shockwave Player before 11.5.7.609 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted ATOM size in a .dir (aka Director) file.
network
low complexity
adobe CWE-835
6.5
2010-02-15 CVE-2009-3960 Unspecified vulnerability in Adobe products
Unspecified vulnerability in BlazeDS 3.2 and earlier, as used in LiveCycle 8.0.1, 8.2.1, and 9.0, LiveCycle Data Services 2.5.1, 2.6.1, and 3.0, Flex Data Services 2.0.1, and ColdFusion 7.0.2, 8.0, 8.0.1, and 9.0, allows remote attackers to obtain sensitive information via vectors that are associated with a request, and related to injected tags and external entity references in XML documents.
network
low complexity
adobe
6.5