Vulnerabilities > Adobe > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-09-27 | CVE-2021-40711 | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager version 6.5.9.0 (and earlier) is affected by a stored XSS vulnerability when creating Content Fragments. | 5.4 |
| 2021-09-27 | CVE-2021-40712 | Improper Input Validation vulnerability in Adobe Experience Manager Adobe Experience Manager version 6.5.9.0 (and earlier) is affected by a improper input validation vulnerability via the path parameter. | 6.5 |
| 2021-09-27 | CVE-2021-40713 | Improper Certificate Validation vulnerability in Adobe Experience Manager Adobe Experience Manager version 6.5.9.0 (and earlier) is affected by a improper certificate validation vulnerability in the cold storage component. | 5.9 |
| 2021-09-27 | CVE-2021-40714 | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager version 6.5.9.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability via the accesskey parameter. | 6.1 |
| 2021-09-08 | CVE-2021-28568 | Exposure of Resource to Wrong Sphere vulnerability in Adobe Genuine Service 7.1 Adobe Genuine Services version 7.1 (and earlier) is affected by an Insecure file permission vulnerability during installation process. | 6.5 |
| 2021-09-08 | CVE-2021-28569 | Out-of-bounds Read vulnerability in Adobe Media Encoder Adobe Media Encoder version 15.1 (and earlier) is affected by an Out-of-bounds Read vulnerability when parsing a specially crafted file. | 4.3 |
| 2021-09-02 | CVE-2021-28557 | Out-of-bounds Read vulnerability in Adobe products Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier) and 2017.011.30194 (and earlier) are affected by an Out-of-bounds Read vulnerability. | 4.3 |
| 2021-09-02 | CVE-2021-28559 | Privacy Violation vulnerability in Adobe products Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier) and 2017.011.30194 (and earlier) are affected by an Information Exposure vulnerability. | 5.3 |
| 2021-09-01 | CVE-2021-36012 | Unspecified vulnerability in Adobe Commerce and Magento Open Source Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by a business logic error in the placeOrder graphql mutation. | 6.5 |
| 2021-09-01 | CVE-2021-36026 | Cross-site Scripting vulnerability in Adobe Commerce and Magento Open Source Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by a stored cross-site scripting vulnerability in the customer address upload feature that could be abused by an attacker to inject malicious scripts into vulnerable form fields. | 6.1 |