| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2022-44510 |
79 |
|
XSS |
2022-12-22 |
2023-01-06 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. |
|
2 |
CVE-2022-44488 |
601 |
|
|
2022-12-19 |
2022-12-23 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Adobe Experience Manager version 6.5.14 (and earlier) is affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. A low-privilege authenticated attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction. |
|
3 |
CVE-2022-44474 |
79 |
|
XSS |
2022-12-19 |
2023-01-06 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. |
|
4 |
CVE-2022-44473 |
79 |
|
XSS |
2022-12-16 |
2023-01-06 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. |
|
5 |
CVE-2022-44471 |
79 |
|
XSS |
2022-12-19 |
2023-01-06 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. |
|
6 |
CVE-2022-44470 |
79 |
|
XSS |
2022-12-19 |
2023-01-06 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. |
|
7 |
CVE-2022-44469 |
79 |
|
XSS |
2022-12-16 |
2023-01-06 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. |
|
8 |
CVE-2022-44468 |
79 |
|
XSS |
2022-12-16 |
2023-01-06 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. |
|
9 |
CVE-2022-44467 |
79 |
|
XSS |
2022-12-19 |
2023-01-06 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. |
|
10 |
CVE-2022-44466 |
79 |
|
XSS |
2022-12-19 |
2023-01-06 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. |
|
11 |
CVE-2022-44465 |
79 |
|
XSS |
2022-12-19 |
2023-01-06 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. |
|
12 |
CVE-2022-44463 |
79 |
|
XSS |
2022-12-19 |
2023-01-06 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. |
|
13 |
CVE-2022-44462 |
79 |
|
XSS |
2022-12-16 |
2023-01-06 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. |
|
14 |
CVE-2022-42367 |
79 |
|
XSS |
2022-12-16 |
2023-01-06 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. |
|
15 |
CVE-2022-42366 |
79 |
|
XSS |
2022-12-16 |
2023-01-06 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. |
|
16 |
CVE-2022-42365 |
79 |
|
XSS |
2022-12-19 |
2023-01-06 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. |
|
17 |
CVE-2022-42364 |
79 |
|
XSS |
2022-12-19 |
2023-01-06 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. |
|
18 |
CVE-2022-42362 |
79 |
|
XSS |
2022-12-19 |
2023-01-06 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. |
|
19 |
CVE-2022-42360 |
79 |
|
XSS |
2022-12-16 |
2023-01-06 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. |
|
20 |
CVE-2022-42357 |
79 |
|
XSS |
2022-12-19 |
2023-01-06 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. |
|
21 |
CVE-2022-42356 |
79 |
|
XSS |
2022-12-19 |
2023-01-06 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. |
|
22 |
CVE-2022-42354 |
79 |
|
XSS |
2022-12-19 |
2023-01-06 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. |
|
23 |
CVE-2022-42352 |
79 |
|
XSS |
2022-12-19 |
2023-01-06 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. |
|
24 |
CVE-2022-42351 |
863 |
|
Bypass |
2022-12-16 |
2022-12-21 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Adobe Experience Manager version 6.5.14 (and earlier) is affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to disclose low level confidentiality information. Exploitation of this issue does not require user interaction. |
|
25 |
CVE-2022-42350 |
79 |
|
XSS |
2022-12-19 |
2023-01-06 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. |
|
26 |
CVE-2022-42349 |
79 |
|
XSS |
2022-12-19 |
2023-01-06 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. |
|
27 |
CVE-2022-42348 |
79 |
|
XSS |
2022-12-19 |
2023-01-06 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. |
|
28 |
CVE-2022-42346 |
79 |
|
XSS |
2022-12-19 |
2023-01-06 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. |
|
29 |
CVE-2022-42345 |
79 |
|
XSS |
2022-12-19 |
2023-01-06 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. |
|
30 |
CVE-2022-42344 |
20 |
|
|
2022-10-20 |
2022-10-21 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an improper input validation vulnerability. An authenticated attacker can trigger an insecure direct object reference in the `V1/customers/me` endpoint to achieve information exposure and privilege escalation. |
|
31 |
CVE-2022-42341 |
611 |
|
|
2022-10-14 |
2022-10-18 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary file system read. Exploitation of this issue does not require user interaction. |
|
32 |
CVE-2022-42340 |
20 |
|
|
2022-10-14 |
2022-10-18 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary file system read. Exploitation of this issue does not require user interaction. |
|
33 |
CVE-2022-38439 |
79 |
|
XSS |
2022-09-23 |
2022-09-26 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Exploitation of this issue requires low-privilege access to AEM. |
|
34 |
CVE-2022-38438 |
79 |
|
XSS |
2022-09-23 |
2022-09-26 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Exploitation of this issue requires low-privilege access to AEM. |
|
35 |
CVE-2022-38424 |
22 |
|
Dir. Trav. |
2022-10-14 |
2022-10-18 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in arbitrary file system write. Exploitation of this issue does not require user interaction, but does require administrator privileges. |
|
36 |
CVE-2022-38423 |
22 |
|
Dir. Trav. |
2022-10-14 |
2022-10-18 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in information disclosure. Exploitation of this issue does not require user interaction, but does require administrator privileges. |
|
37 |
CVE-2022-38422 |
22 |
|
Dir. Trav. |
2022-10-14 |
2022-10-18 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in information disclosure. Exploitation of this issue does not require user interaction. |
|
38 |
CVE-2022-38421 |
22 |
|
Exec Code Dir. Trav. |
2022-10-14 |
2022-10-20 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction, but does require administrator privileges. |
|
39 |
CVE-2022-38420 |
798 |
|
|
2022-10-14 |
2022-10-20 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by a Use of Hard-coded Credentials vulnerability that could result in application denial-of-service by gaining access to start/stop arbitrary services. Exploitation of this issue does not require user interaction. |
|
40 |
CVE-2022-38419 |
611 |
|
|
2022-10-14 |
2022-10-28 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary file system read. Exploitation of this issue does not require user interaction. |
|
41 |
CVE-2022-38418 |
22 |
|
Exec Code Dir. Trav. |
2022-10-14 |
2022-10-20 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. |
|
42 |
CVE-2022-35712 |
787 |
|
Exec Code Overflow |
2022-10-14 |
2022-10-20 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction, the vulnerability is triggered when a crafted network packet is sent to the server. |
|
43 |
CVE-2022-35711 |
787 |
|
Exec Code Overflow |
2022-10-14 |
2022-10-20 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction, the vulnerability is triggered when a crafted network packet is sent to the server. |
|
44 |
CVE-2022-35710 |
787 |
|
Exec Code Overflow |
2022-10-14 |
2022-10-20 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction, the vulnerability is triggered when a crafted network packet is sent to the server. |
|
45 |
CVE-2022-35698 |
79 |
|
Exec Code XSS |
2022-10-14 |
2022-10-19 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Adobe Commerce versions 2.4.4-p1 (and earlier) and 2.4.5 (and earlier) are affected by a Stored Cross-site Scripting vulnerability. Exploitation of this issue does not require user interaction and could result in a post-authentication arbitrary code execution. |
|
46 |
CVE-2022-35697 |
79 |
|
XSS |
2022-08-10 |
2022-08-15 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Adobe Experience Manager Core Components version 2.20.6 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Exploitation of this issue requires a low author privilege access. |
|
47 |
CVE-2022-35696 |
79 |
|
XSS |
2022-12-16 |
2023-01-06 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. |
|
48 |
CVE-2022-35695 |
79 |
|
XSS |
2022-12-19 |
2023-01-06 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. |
|
49 |
CVE-2022-35694 |
79 |
|
XSS |
2022-12-16 |
2023-01-06 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. |
|
50 |
CVE-2022-35693 |
79 |
|
XSS |
2022-12-19 |
2023-01-06 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
|
Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. |
