Vulnerabilities > Adobe > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-11-12 | CVE-2020-24442 | Cross-site Scripting vulnerability in Adobe Connect Adobe Connect version 11.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. | 6.1 |
| 2020-11-12 | CVE-2020-24441 | Unspecified vulnerability in Adobe Acrobat Reader 20.6.0/20.6.2 Adobe Acrobat Reader for Android version 20.6.2 (and earlier) does not properly restrict access to directories created by the application. | 5.5 |
| 2020-11-05 | CVE-2020-24431 | Improper Authorization vulnerability in Adobe products Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) for macOS are affected by a security feature bypass that could result in dynamic library code injection by the Adobe Reader process. | 4.4 |
| 2020-10-21 | CVE-2020-24421 | NULL Pointer Dereference vulnerability in Adobe Indesign Adobe InDesign version 15.1.2 (and earlier) is affected by a NULL pointer dereference bug that occurs when handling a malformed .indd file. | 5.5 |
| 2020-10-20 | CVE-2020-24416 | Cross-site Scripting vulnerability in Adobe Marketo Sales Insight Marketo Sales Insight plugin version 1.4355 (and earlier) is affected by a blind stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. | 6.1 |
| 2020-09-10 | CVE-2020-9726 | Out-of-bounds Read vulnerability in Adobe Framemaker Adobe FrameMaker version 2019.0.6 (and earlier versions) has an out-of-bounds read vulnerability that could be exploited to read past the end of an allocated buffer, possibly resulting in a crash or disclosure of sensitive information from other memory locations. | 6.1 |
| 2020-09-10 | CVE-2020-9743 | Cross-site Scripting vulnerability in Adobe Experience Manager AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and below) and 6.2 SP1-CFP20 (and below) are affected by an HTML injection vulnerability in the content editor component that allows unauthenticated users to craft an HTTP request that includes arbitrary HTML code in a parameter value. | 6.1 |
| 2020-09-10 | CVE-2020-9742 | Cross-site Scripting vulnerability in Adobe Experience Manager AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below) and 6.3.3.8 (and below) are affected by a stored XSS vulnerability that allows users with 'Author' privileges to store malicious scripts in fields associated with the Inbox calendar feature. | 5.4 |
| 2020-09-10 | CVE-2020-9741 | Cross-site Scripting vulnerability in Adobe Experience Manager The AEM forms add-on for versions 6.5.5.0 (and below) and 6.4.8.2 (and below) is affected by a stored XSS vulnerability that allows users with 'Author' privileges to store malicious scripts in fields associated with the Forms component. | 5.4 |
| 2020-09-10 | CVE-2020-9740 | Cross-site Scripting vulnerability in Adobe Experience Manager AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and below) and 6.2 SP1-CFP20 (and below) are affected by a stored XSS vulnerability that allows users with 'Author' privileges to store malicious scripts in fields associated with the Design Importer. | 5.4 |