Vulnerabilities > Adobe > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-09-01 | CVE-2021-36027 | Cross-site Scripting vulnerability in Adobe Commerce and Magento Open Source Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by a stored cross-site scripting vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. | 6.1 |
| 2021-09-01 | CVE-2021-36037 | Unspecified vulnerability in Adobe Commerce and Magento Open Source Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper improper authorization vulnerability. | 6.5 |
| 2021-09-01 | CVE-2021-36038 | Improper Input Validation vulnerability in Adobe Commerce and Magento Open Source Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability in the Multishipping Module. | 6.5 |
| 2021-09-01 | CVE-2021-36039 | Incorrect Authorization vulnerability in Adobe Commerce and Magento Open Source Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability via the `quoteId` parameter. | 6.5 |
| 2021-09-01 | CVE-2021-36043 | Server-Side Request Forgery (SSRF) vulnerability in Adobe Commerce and Magento Open Source Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by a blind SSRF vulnerability in the bundled dotmailer extension. | 6.6 |
| 2021-09-01 | CVE-2021-36056 | Heap-based Buffer Overflow vulnerability in multiple products XMP Toolkit SDK version 2020.1 (and earlier) is affected by a buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. | 5.5 |
| 2021-09-01 | CVE-2021-36058 | Integer Overflow or Wraparound vulnerability in multiple products XMP Toolkit SDK version 2020.1 (and earlier) is affected by an Integer Overflow vulnerability potentially resulting in application-level denial of service in the context of the current user. | 5.5 |
| 2021-09-01 | CVE-2021-36061 | Violation of Secure Design Principles vulnerability in Adobe Connect Adobe Connect version 11.2.2 (and earlier) is affected by a secure design principles violation vulnerability via the 'pbMode' parameter. | 5.4 |
| 2021-09-01 | CVE-2021-36062 | Cross-site Scripting vulnerability in Adobe Connect Adobe Connect version 11.2.2 (and earlier) is affected by a Reflected Cross-site Scripting vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. | 6.1 |
| 2021-09-01 | CVE-2021-36063 | Cross-site Scripting vulnerability in Adobe Connect Adobe Connect version 11.2.2 (and earlier) is affected by a Reflected Cross-site Scripting vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. | 6.1 |