Medium
Adobe Connect is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim’s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to execute arbitrary code on the system.
Adobe Connect could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data. By persuading a victim to open a specially-crafted document, a remote attacker could exploit this vulnerability to execute arbitrary code on the system with the privileges of the victim or cause the application to crash.
Adobe Acrobat Reader for Android could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing directory traversal sequences (/../) to execute arbitrary code on the system.
Adobe ops-cli could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data. By persuading a victim to open a specially-crafted document, a remote attacker could exploit this vulnerability to execute arbitrary code on the system with the privileges of the victim or cause the application to crash.
Adobe Commerce and Magento Open Source are vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading an authenticated user to visit a malicious Web site, a remote attacker could send a malformed HTTP request to bypass the security feature. An attacker could exploit this vulnerability to perform cross-site scripting attacks, Web cache poisoning, and other malicious activities.
Adobe Campaign Standard is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim’s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to execute arbitrary code on the system.
Refer to the Adobe advisory for patch, upgrade, or suggested workaround information.
CVE-2021-40721
CVE-2021-40719
CVE-2021-40724
CVE-2021-40720
CVE-2021-39864
CVE-2021-40744