adobe systems incorporated

Web & CMS PluginsUScommercial

143

Cumulative CVEs

Monthly snapshots

Peak rank

Trend history

Full timeline

Top products

magento 252 magento 18 magento 1 & 23

Latest CVEs

See all →

The 15 most recently published vulnerabilities affecting adobe systems incorporated.

CVE-2020-24445Cross-site Scripting Vulnerability in Commenting Function of Adobe Experience Manager (AEM)9.0Dec 10, 2020
CVE-2019-8132A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can craft malicious payload in the template Na...5.4Nov 6, 2019
CVE-2019-8145A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can inject arbitrary JavaScript code into the ...5.4Nov 6, 2019
CVE-2019-8158An XPath entity injection vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An attacker can craft a GET request to page cache block rendering module that ...9.8Nov 6, 2019
CVE-2019-8157A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can manipulate downloadable link and cause an ...5.4Nov 6, 2019
CVE-2019-8156A server-side request forgery (SSRF) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with admin privileges to modify store configu...7.2Nov 6, 2019
CVE-2019-8159A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with system data manipulation privileges can execute aribi...8.8Nov 6, 2019
CVE-2019-8227In Magento prior to 1.9.4.3 and Magento prior to 1.14.4.3, an authenticated user with limited administrative privileges can inject arbitrary JavaScript code via import / export functionality when c...4.8Nov 6, 2019
CVE-2019-8228in Magento prior to 1.9.4.3 and Magento prior to 1.14.4.3, an authenticated user with limited administrative privileges can inject arbitrary JavaScript code into transactional email page when creat...4.8Nov 5, 2019
CVE-2019-8229In Magento prior to 1.9.4.3, and Magento prior to 1.14.4.3, an authenticated user with administrative privileges to edit product attributes can execute arbitrary code through crafted layout updates.7.2Nov 5, 2019
CVE-2019-8230In Magentoprior to 1.9.4.3, and Magento prior to 1.14.4.3, an authenticated user with administrative privileges to edit configuration settings can execute arbitrary code through a crafted support/o...7.2Nov 5, 2019
CVE-2019-8231In Magento to 1.9.4.3 and Magento prior to 1.14.4.3, an authenticated user with administrative privileges for editing attribute sets can execute arbitrary code through custom layout modification.7.2Nov 5, 2019
CVE-2019-8232In Magento prior to 1.9.4.3, Magento prior to 1.14.4.3, Magento 2.2 prior to 2.2.10, and Magento 2.3 prior to 2.3.3 or 2.3.2-p1, an authenticated user with administrative privileges for the import ...6.6Nov 5, 2019
CVE-2019-8233In Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1, an unauthenticated user can inject arbitrary JavaScript code as a result of the sanitization engine ignoring HTML comments.6.1Nov 5, 2019
CVE-2019-8155Magento prior to 1.9.4.3 and prior to 1.14.4.3 included a user's CSRF token in the URL of a GET request. This could be exploited by an attacker with access to network traffic to perform unauthorize...7.5Nov 5, 2019