CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Adobe : Security Vulnerabilities

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2022-44510 79 XSS 2022-12-22 2023-01-06
0.0
None ??? ??? ??? ??? ??? ???
Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
2 CVE-2022-44488 601 2022-12-19 2022-12-23
0.0
None ??? ??? ??? ??? ??? ???
Adobe Experience Manager version 6.5.14 (and earlier) is affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. A low-privilege authenticated attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction.
3 CVE-2022-44474 79 XSS 2022-12-19 2023-01-06
0.0
None ??? ??? ??? ??? ??? ???
Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
4 CVE-2022-44473 79 XSS 2022-12-16 2023-01-06
0.0
None ??? ??? ??? ??? ??? ???
Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
5 CVE-2022-44471 79 XSS 2022-12-19 2023-01-06
0.0
None ??? ??? ??? ??? ??? ???
Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
6 CVE-2022-44470 79 XSS 2022-12-19 2023-01-06
0.0
None ??? ??? ??? ??? ??? ???
Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
7 CVE-2022-44469 79 XSS 2022-12-16 2023-01-06
0.0
None ??? ??? ??? ??? ??? ???
Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
8 CVE-2022-44468 79 XSS 2022-12-16 2023-01-06
0.0
None ??? ??? ??? ??? ??? ???
Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
9 CVE-2022-44467 79 XSS 2022-12-19 2023-01-06
0.0
None ??? ??? ??? ??? ??? ???
Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
10 CVE-2022-44466 79 XSS 2022-12-19 2023-01-06
0.0
None ??? ??? ??? ??? ??? ???
Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
11 CVE-2022-44465 79 XSS 2022-12-19 2023-01-06
0.0
None ??? ??? ??? ??? ??? ???
Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
12 CVE-2022-44463 79 XSS 2022-12-19 2023-01-06
0.0
None ??? ??? ??? ??? ??? ???
Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
13 CVE-2022-44462 79 XSS 2022-12-16 2023-01-06
0.0
None ??? ??? ??? ??? ??? ???
Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
14 CVE-2022-42367 79 XSS 2022-12-16 2023-01-06
0.0
None ??? ??? ??? ??? ??? ???
Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
15 CVE-2022-42366 79 XSS 2022-12-16 2023-01-06
0.0
None ??? ??? ??? ??? ??? ???
Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
16 CVE-2022-42365 79 XSS 2022-12-19 2023-01-06
0.0
None ??? ??? ??? ??? ??? ???
Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
17 CVE-2022-42364 79 XSS 2022-12-19 2023-01-06
0.0
None ??? ??? ??? ??? ??? ???
Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
18 CVE-2022-42362 79 XSS 2022-12-19 2023-01-06
0.0
None ??? ??? ??? ??? ??? ???
Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
19 CVE-2022-42360 79 XSS 2022-12-16 2023-01-06
0.0
None ??? ??? ??? ??? ??? ???
Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
20 CVE-2022-42357 79 XSS 2022-12-19 2023-01-06
0.0
None ??? ??? ??? ??? ??? ???
Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
21 CVE-2022-42356 79 XSS 2022-12-19 2023-01-06
0.0
None ??? ??? ??? ??? ??? ???
Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
22 CVE-2022-42354 79 XSS 2022-12-19 2023-01-06
0.0
None ??? ??? ??? ??? ??? ???
Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
23 CVE-2022-42352 79 XSS 2022-12-19 2023-01-06
0.0
None ??? ??? ??? ??? ??? ???
Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
24 CVE-2022-42351 863 Bypass 2022-12-16 2022-12-21
0.0
None ??? ??? ??? ??? ??? ???
Adobe Experience Manager version 6.5.14 (and earlier) is affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to disclose low level confidentiality information. Exploitation of this issue does not require user interaction.
25 CVE-2022-42350 79 XSS 2022-12-19 2023-01-06
0.0
None ??? ??? ??? ??? ??? ???
Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
26 CVE-2022-42349 79 XSS 2022-12-19 2023-01-06
0.0
None ??? ??? ??? ??? ??? ???
Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
27 CVE-2022-42348 79 XSS 2022-12-19 2023-01-06
0.0
None ??? ??? ??? ??? ??? ???
Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
28 CVE-2022-42346 79 XSS 2022-12-19 2023-01-06
0.0
None ??? ??? ??? ??? ??? ???
Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
29 CVE-2022-42345 79 XSS 2022-12-19 2023-01-06
0.0
None ??? ??? ??? ??? ??? ???
Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
30 CVE-2022-42344 20 2022-10-20 2022-10-21
0.0
None ??? ??? ??? ??? ??? ???
Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an improper input validation vulnerability. An authenticated attacker can trigger an insecure direct object reference in the `V1/customers/me` endpoint to achieve information exposure and privilege escalation.
31 CVE-2022-42341 611 2022-10-14 2022-10-18
0.0
None ??? ??? ??? ??? ??? ???
Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary file system read. Exploitation of this issue does not require user interaction.
32 CVE-2022-42340 20 2022-10-14 2022-10-18
0.0
None ??? ??? ??? ??? ??? ???
Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary file system read. Exploitation of this issue does not require user interaction.
33 CVE-2022-38439 79 XSS 2022-09-23 2022-09-26
0.0
None ??? ??? ??? ??? ??? ???
Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Exploitation of this issue requires low-privilege access to AEM.
34 CVE-2022-38438 79 XSS 2022-09-23 2022-09-26
0.0
None ??? ??? ??? ??? ??? ???
Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Exploitation of this issue requires low-privilege access to AEM.
35 CVE-2022-38424 22 Dir. Trav. 2022-10-14 2022-10-18
0.0
None ??? ??? ??? ??? ??? ???
Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in arbitrary file system write. Exploitation of this issue does not require user interaction, but does require administrator privileges.
36 CVE-2022-38423 22 Dir. Trav. 2022-10-14 2022-10-18
0.0
None ??? ??? ??? ??? ??? ???
Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in information disclosure. Exploitation of this issue does not require user interaction, but does require administrator privileges.
37 CVE-2022-38422 22 Dir. Trav. 2022-10-14 2022-10-18
0.0
None ??? ??? ??? ??? ??? ???
Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in information disclosure. Exploitation of this issue does not require user interaction.
38 CVE-2022-38421 22 Exec Code Dir. Trav. 2022-10-14 2022-10-20
0.0
None ??? ??? ??? ??? ??? ???
Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction, but does require administrator privileges.
39 CVE-2022-38420 798 2022-10-14 2022-10-20
0.0
None ??? ??? ??? ??? ??? ???
Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by a Use of Hard-coded Credentials vulnerability that could result in application denial-of-service by gaining access to start/stop arbitrary services. Exploitation of this issue does not require user interaction.
40 CVE-2022-38419 611 2022-10-14 2022-10-28
0.0
None ??? ??? ??? ??? ??? ???
Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary file system read. Exploitation of this issue does not require user interaction.
41 CVE-2022-38418 22 Exec Code Dir. Trav. 2022-10-14 2022-10-20
0.0
None ??? ??? ??? ??? ??? ???
Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction.
42 CVE-2022-35712 787 Exec Code Overflow 2022-10-14 2022-10-20
0.0
None ??? ??? ??? ??? ??? ???
Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction, the vulnerability is triggered when a crafted network packet is sent to the server.
43 CVE-2022-35711 787 Exec Code Overflow 2022-10-14 2022-10-20
0.0
None ??? ??? ??? ??? ??? ???
Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction, the vulnerability is triggered when a crafted network packet is sent to the server.
44 CVE-2022-35710 787 Exec Code Overflow 2022-10-14 2022-10-20
0.0
None ??? ??? ??? ??? ??? ???
Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction, the vulnerability is triggered when a crafted network packet is sent to the server.
45 CVE-2022-35698 79 Exec Code XSS 2022-10-14 2022-10-19
0.0
None ??? ??? ??? ??? ??? ???
Adobe Commerce versions 2.4.4-p1 (and earlier) and 2.4.5 (and earlier) are affected by a Stored Cross-site Scripting vulnerability. Exploitation of this issue does not require user interaction and could result in a post-authentication arbitrary code execution.
46 CVE-2022-35697 79 XSS 2022-08-10 2022-08-15
0.0
None ??? ??? ??? ??? ??? ???
Adobe Experience Manager Core Components version 2.20.6 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Exploitation of this issue requires a low author privilege access.
47 CVE-2022-35696 79 XSS 2022-12-16 2023-01-06
0.0
None ??? ??? ??? ??? ??? ???
Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
48 CVE-2022-35695 79 XSS 2022-12-19 2023-01-06
0.0
None ??? ??? ??? ??? ??? ???
Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
49 CVE-2022-35694 79 XSS 2022-12-16 2023-01-06
0.0
None ??? ??? ??? ??? ??? ???
Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
50 CVE-2022-35693 79 XSS 2022-12-19 2023-01-06
0.0
None ??? ??? ??? ??? ??? ???
Adobe Experience Manager version 6.5.14 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
Total number of vulnerabilities : 75   Page : 1 (This Page)2
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.