| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Adobe Experience Manager versions 11.6 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. Exploitation of this issue requires user interaction in that a victim must open a malicious link. Scope is changed. |
| Adobe Experience Manager versions 11.6 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. Exploitation of this issue requires user interaction in that a victim must open a malicious link. Scope is changed. |
| Adobe Connect versions 12.9 and earlier are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. An attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction in that a victim must click on a crafted link. |
| Adobe Connect versions 12.9 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by an attacker to execute malicious scripts in a victim's browser. Exploitation of this issue requires user interaction in that a victim must navigate to a crafted web page. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high. Scope is changed. |
| Adobe Connect versions 12.9 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by a high-privileged attacker to execute malicious scripts in a victim's browser. Exploitation of this issue requires user interaction in that a victim must navigate to a crafted web page. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact as high. Scope is changed. |
| Windows Cryptographic Services Security Feature Bypass Vulnerability |
| .NET and Visual Studio Denial of Service Vulnerability |
| .NET and Visual Studio Denial of Service Vulnerability |
| Microsoft Edge (Chromium-based) Spoofing Vulnerability |
| Microsoft Edge (Chromium-based) Information Disclosure Vulnerability |
| An improper access control vulnerability in GroupMe allows an a unauthenticated attacker to elevate privileges over a network by convincing a user to click on a malicious link. |
| An improper restriction of excessive authentication attempts in GroupMe allows a unauthenticated attacker to elevate privileges over a network. |
| Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability |
| Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability |
| Windows Remote Desktop Licensing Service Denial of Service Vulnerability |
| Microsoft SharePoint Remote Code Execution Vulnerability |
| Azure CycleCloud Elevation of Privilege Vulnerability |
| Microsoft Defender for IoT Elevation of Privilege Vulnerability |
| .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability |
| Windows Graphics Component Elevation of Privilege Vulnerability |
