Vulnerabilities > Adobe > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-09-27 | CVE-2021-40714 | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager version 6.5.9.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability via the accesskey parameter. | 6.1 |
| 2021-09-08 | CVE-2021-28568 | Exposure of Resource to Wrong Sphere vulnerability in Adobe Genuine Service 7.1 Adobe Genuine Services version 7.1 (and earlier) is affected by an Insecure file permission vulnerability during installation process. | 6.5 |
| 2021-09-08 | CVE-2021-28569 | Out-of-bounds Read vulnerability in Adobe Media Encoder Adobe Media Encoder version 15.1 (and earlier) is affected by an Out-of-bounds Read vulnerability when parsing a specially crafted file. | 4.3 |
| 2021-09-02 | CVE-2021-28557 | Out-of-bounds Read vulnerability in Adobe products Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier) and 2017.011.30194 (and earlier) are affected by an Out-of-bounds Read vulnerability. | 4.3 |
| 2021-09-02 | CVE-2021-28559 | Privacy Violation vulnerability in Adobe products Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier) and 2017.011.30194 (and earlier) are affected by an Information Exposure vulnerability. | 5.3 |
| 2021-09-01 | CVE-2021-36012 | Unspecified vulnerability in Adobe Commerce and Magento Open Source Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by a business logic error in the placeOrder graphql mutation. | 6.5 |
| 2021-09-01 | CVE-2021-36026 | Cross-site Scripting vulnerability in Adobe Commerce and Magento Open Source Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by a stored cross-site scripting vulnerability in the customer address upload feature that could be abused by an attacker to inject malicious scripts into vulnerable form fields. | 6.1 |
| 2021-09-01 | CVE-2021-36027 | Cross-site Scripting vulnerability in Adobe Commerce and Magento Open Source Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by a stored cross-site scripting vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. | 6.1 |
| 2021-09-01 | CVE-2021-36037 | Unspecified vulnerability in Adobe Commerce and Magento Open Source Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper improper authorization vulnerability. | 6.5 |
| 2021-09-01 | CVE-2021-36038 | Improper Input Validation vulnerability in Adobe Commerce and Magento Open Source Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability in the Multishipping Module. | 6.5 |