Proteus® NextGen Data Privacy™ users can receive automated alerts using this data by linking it to their ITIL CMDB (IT asset register)

2024

CVE-2024-45123 (v3: 6.1) 10 Oct 2024
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
CVE-2024-45116 (v3: 8.1) 10 Oct 2024
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a Cross-Site Scripting (XSS) vulnerability that could be exploited to execute arbitrary code. If an admin attacker can trick a user into clicking a specially crafted link or submitting a form, malicious scripts may be executed within the context of the victim's browser and have high impact on confidentiality and integrity. Exploitation of this issue requires user interaction.
CVE-2024-39403 (v3: 7.6) 14 Aug 2024
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. Confidentiality impact is high due to the attacker being able to exfiltrate sensitive information.
CVE-2024-39400 (v3: 8.1) 14 Aug 2024
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. This vulnerability could allow an admin attacker to inject and execute arbitrary JavaScript code within the context of the user's browser session. Exploitation of this issue requires user interaction, such as convincing a victim to click on a malicious link. Confidentiality and integrity impact is high as it affects other admin accounts.

2023

2022

2021

2020

2019

CVE-2019-16466 (v3: 6.1) 15 Jan 2020
Adobe Experience Manager versions 6.5, 6.4, 6.3, 6.2, 6.1, and 6.0 have a reflected cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.
CVE-2019-16467 (v3: 6.1) 15 Jan 2020
Adobe Experience Manager versions 6.5, 6.4, 6.3, 6.2, 6.1, and 6.0 have a reflected cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.
CVE-2019-8085 (v3: 6.1) 25 Oct 2019
Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have a reflected cross site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.
CVE-2019-8083 (v3: 6.1) 25 Oct 2019
Adobe Experience Manager versions 6.5, 6.4 and 6.3 have a cross site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.
CVE-2019-8084 (v3: 6.1) 25 Oct 2019
Adobe Experience Manager versions 6.5, 6.4, 6.3 and 6.2 have a reflected cross site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.
CVE-2019-8078 (v3: 6.1) 24 Oct 2019
Adobe Experience Manager versions 6.4, 6.3 and 6.2 have a reflected cross site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.
CVE-2019-8079 (v3: 6.1) 24 Oct 2019
Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a stored cross site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.
CVE-2019-8080 (v3: 6.1) 24 Oct 2019
Adobe Experience Manager versions 6.4 and 6.3 have a stored cross site scripting vulnerability. Successful exploitation could lead to privilege escalation.
CVE-2019-8089 (v3: 6.1) 22 Oct 2019
Adobe Experience Manager Forms versions 6.3-6.5 have a reflected cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.
CVE-2019-7954 (v3: 6.1) 18 Jul 2019
Adobe Experience Manager version 6.4 and ealier have a Stored Cross-site Scripting vulnerability. Successful exploitation could lead to Sensitive Information disclosure in the context of the current user.
CVE-2019-7955 (v3: 6.1) 18 Jul 2019
Adobe Experience Manager version 6.4 and ealier have a Reflected Cross-site Scripting vulnerability. Successful exploitation could lead to Sensitive Information disclosure in the context of the current user.
CVE-2019-7129 (v3: 6.1) 29 May 2019
Adobe Experience Manager Forms versions 6.2, 6.3 and 6.4 have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.
CVE-2019-7092 (v3: 6.1) 24 May 2019
ColdFusion versions Update 1 and earlier, Update 7 and earlier, and Update 15 and earlier have a cross site scripting vulnerability. Successful exploitation could lead to information disclosure .

2018

CVE-2018-19724 (v3: 6.1) 28 Jan 2019
Adobe Experience Manager Forms versions 6.2, 6.3 and 6.4 have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.
CVE-2018-19726 (v3: 6.1) 28 Jan 2019
Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.
CVE-2018-19727 (v3: 6.1) 28 Jan 2019
Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a reflected cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.
CVE-2018-15969 (v3: 6.1) 17 Oct 2018
Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.
CVE-2018-15970 (v3: 6.1) 17 Oct 2018
Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a reflected cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.
CVE-2018-15971 (v3: 6.1) 17 Oct 2018
Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a reflected cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.
CVE-2018-15972 (v3: 6.1) 17 Oct 2018
Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.
CVE-2018-15973 (v3: 6.1) 17 Oct 2018
Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.
CVE-2018-5005 (v3: 6.1) 6 Sep 2018
Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a Cross-site Scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.
CVE-2018-12806 (v3: 6.1) 29 Aug 2018
Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a reflected cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.
CVE-2018-4921 (v3: 6.1) 19 May 2018
Adobe Connect versions 9.7 and earlier have an exploitable unrestricted SWF file upload vulnerability. Successful exploitation could lead to information disclosure.
CVE-2018-4929 (v3: 6.1) 19 May 2018
Adobe Experience Manager versions 6.2 and earlier have an exploitable stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.
CVE-2018-4930 (v3: 6.1) 19 May 2018
Adobe Experience Manager versions 6.3 and earlier have an exploitable Cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.
CVE-2018-4931 (v3: 6.1) 19 May 2018
Adobe Experience Manager versions 6.1 and earlier have an exploitable stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.
CVE-2018-4940 (v3: 6.1) 19 May 2018
Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Cross-Site Scripting vulnerability. Successful exploitation could lead to information disclosure.
CVE-2018-4941 (v3: 6.1) 19 May 2018
Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Cross-Site Scripting vulnerability. Successful exploitation could lead to information disclosure.
CVE-2018-4875 (v3: 6.1) 27 Feb 2018
Adobe Experience Manager versions 6.1 and 6.0 are vulnerable to a reflected cross-site scripting vulnerability related to the handling of malicious content embedded in image files uploaded to the DAM.
CVE-2018-4876 (v3: 6.1) 27 Feb 2018
Adobe Experience Manager versions 6.3, 6.2, and 6.1 are vulnerable to cross-site scripting via a bypass of the Sling XSSAPI#getValidHref function.

2017

CVE-2017-11287 (v3: 6.1) 9 Dec 2017
An issue was discovered in Adobe Connect 9.6.2 and earlier versions. A reflected cross-site scripting vulnerability exists that can result in information disclosure.
CVE-2017-11288 (v3: 6.1) 9 Dec 2017
An issue was discovered in Adobe Connect 9.6.2 and earlier versions. A reflected cross-site scripting vulnerability exists that can result in information disclosure.
CVE-2017-11289 (v3: 6.1) 9 Dec 2017
An issue was discovered in Adobe Connect 9.6.2 and earlier versions. A reflected cross-site scripting vulnerability exists that can result in information disclosure.
CVE-2017-11296 (v3: 6.1) 9 Dec 2017
An issue was discovered in Adobe Experience Manager 6.3, 6.2, 6.1, 6.0. A cross-site scripting vulnerability in Apache Sling Servlets Post 2.3.20 has been resolved in Adobe Experience Manager.
CVE-2017-3109 (v3: 6.1) 9 Dec 2017
An issue was discovered in Adobe Experience Manager 6.3, 6.2, 6.1, 6.0. Adobe Experience Manager has a reflected cross-site scripting vulnerability in the HtmlRendererServlet.
CVE-2017-11285 (v3: 6.1) 1 Dec 2017
Adobe ColdFusion has a cross-site scripting (XSS) vulnerability. This affects Update 4 and earlier versions for ColdFusion 2016, and Update 12 and earlier versions for ColdFusion 11.
CVE-2017-3102 (v3: 6.1) 17 Jul 2017
Adobe Connect versions 9.6.1 and earlier have a reflected cross-site scripting vulnerability. Successful exploitation could lead to a reflected cross-site scripting attack.
CVE-2017-3103 (v3: 6.1) 17 Jul 2017
Adobe Connect versions 9.6.1 and earlier have a stored cross-site scripting vulnerability. Successful exploitation could lead to a stored cross-site scripting attack.
CVE-2017-3008 (v3: 6.1) 27 Apr 2017
Adobe ColdFusion 2016 Update 3 and earlier, ColdFusion 11 update 11 and earlier, ColdFusion 10 Update 22 and earlier have a reflected cross-site scripting vulnerability.
CVE-2017-2969 (v3: 6.1) 15 Feb 2017
Adobe Campaign versions 16.4 Build 8724 and earlier have a cross-site scripting (XSS) vulnerability.

2016

CVE-2016-6933 (v3: 6.1) 15 Dec 2016
Adobe Experience Manager Forms versions 6.2 and earlier, LiveCycle 11.0.1, LiveCycle 10.0.4 have an input validation issue in the AACComponent that could be used in cross-site scripting attacks.
CVE-2016-6934 (v3: 6.1) 15 Dec 2016
Adobe Experience Manager Forms versions 6.2 and earlier, LiveCycle 11.0.1, LiveCycle 10.0.4 have an input validation issue in the PMAdmin module that could be used in cross-site scripting attacks.
CVE-2016-7882 (v3: 6.1) 15 Dec 2016
Adobe Experience Manager versions 6.2 and earlier have an input validation issue in the WCMDebug filter that could be used in cross-site scripting attacks.
CVE-2016-7883 (v3: 6.1) 15 Dec 2016
Adobe Experience Manager version 6.2 has an input validation issue in create Launch wizard that could be used in cross-site scripting attacks.
CVE-2016-7884 (v3: 6.1) 15 Dec 2016
Adobe Experience Manager versions 6.1 and earlier have an input validation issue in the DAM create assets that could be used in cross-site scripting attacks.
CVE-2016-7851 (v3: 6.1) 8 Nov 2016
Adobe Connect version 9.5.6 and earlier does not adequately validate input in the events registration module. This vulnerability could be exploited in cross-site scripting attacks.
CVE-2016-4168 (v3: 6.1) 9 Aug 2016
Cross-site scripting (XSS) vulnerability in Adobe Experience Manager 5.6.1, 6.0, and 6.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2016-4170 (v3: 6.1) 9 Aug 2016
Cross-site scripting (XSS) vulnerability in Adobe Experience Manager 5.6.1, 6.0, 6.1, and 6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2016-4159 (v3: 6.1) 16 Jun 2016
Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 10 before Update 20, 11 before Update 9, and 2016 before Update 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2016-4164 (v3: 6.1) 16 Jun 2016
Cross-site scripting (XSS) vulnerability in Adobe Brackets before 1.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2016-1113 (v3: 6.1) 11 May 2016
Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 10 before Update 19, 11 before Update 8, and 2016 before Update 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2016-1036 (v3: 6.1) 22 Apr 2016
Cross-site scripting (XSS) vulnerability in Adobe Analytics AppMeasurement for Flash Library before 4.0.1, when debugTracking is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

2015

CVE-2015-8052 (v2: 4.3) 18 Nov 2015
Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 10 before Update 18 and 11 before Update 7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-8053.
CVE-2015-8053 (v2: 4.3) 18 Nov 2015
Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 10 before Update 18 and 11 before Update 7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-8052.
CVE-2015-0343 (v2: 4.3) 13 Jun 2015
Cross-site scripting (XSS) vulnerability in admin/home/homepage/search in the web app in Adobe Connect before 9.4 allows remote attackers to inject arbitrary web script or HTML via the query parameter.
CVE-2015-0344 (v2: 4.3) 13 Jun 2015
Cross-site scripting (XSS) vulnerability in the web app in Adobe Connect before 9.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2015-0345 (v2: 4.3) 15 Apr 2015
Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 10 before Update 16 and 11 before Update 5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.