Adobe Security Bulletin

Search

Security updates available for Adobe Experience Manager | APSB23-72

Bulletin ID

Date Published

Priority

APSB23-72

December 12, 2023

3

Summary

Adobe has released updates for Adobe Experience Manager (AEM). These updates resolve vulnerabilities rated important and moderate. Successful exploitation of these vulnerabilities could result in arbitrary code execution and security feature bypass.

Affected product versions

Product Version Platform
Adobe Experience Manager (AEM)
 AEM Cloud Service (CS)
 All
6.5.18.0 and earlier versions 
 All

Solution

Adobe categorizes these updates with the following priority ratings and recommends users update their installation to the newest version:

Product

Version

Platform

Priority

Availability
Adobe Experience Manager (AEM) 
 AEM Cloud Service Release 2023.11
 All 3 Release Notes
6.5.19.0
 All

3

 AEM 6.5 Service Pack Release Notes 
Note:

Customers running on Adobe Experience Manager’s Cloud Service will automatically receive updates that include new features as well as security and functionality bug fixes.  

Note:

Experience Manager Security Considerations:

AEM as a Cloud Service Security Considerations
Anonymous Permission Hardening Package

Note:

Please contact Adobe customer care for assistance with AEM versions 6.4, 6.3 and 6.2.

Vulnerability Details

Vulnerability Category
 Vulnerability Impact
 Severity
 CVSS base score
 CVSS vector
 CVE Number
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
 CVE-2023-48440
Improper Access Control (CWE-284)
 Security feature bypass
 Important 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
 CVE-2023-48441
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important
 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
 CVE-2023-48442
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important
 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
 CVE-2023-48443
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important
 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
 CVE-2023-48444
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important
 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
 CVE-2023-48445
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important
 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
 CVE-2023-48446
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important
 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
 CVE-2023-48447
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important

 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
 CVE-2023-48448
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important
 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
 CVE-2023-48449
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important
 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
 CVE-2023-48450
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important
 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
 CVE-2023-48451
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important
 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
 CVE-2023-48452
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important
 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
 CVE-2023-48453
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important
 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
 CVE-2023-48454
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important
 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
 CVE-2023-48455
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important
 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
 CVE-2023-48456
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important
 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
 CVE-2023-48457
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important
 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
 CVE-2023-48458
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important
 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
 CVE-2023-48459
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important
 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
 CVE-2023-48460
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important
 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
 CVE-2023-48461
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important
 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
 CVE-2023-48462
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important
 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
 CVE-2023-48463
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important
 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
 CVE-2023-48464
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important
 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
 CVE-2023-48465
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important
 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
 CVE-2023-48466
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important
 4.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
 CVE-2023-48467
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important
 4.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
 CVE-2023-48468
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important
 4.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
 CVE-2023-48469
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important
 4.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
 CVE-2023-48470
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important
 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
 CVE-2023-48471
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important
 4.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
 CVE-2023-48472
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important
 4.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
 CVE-2023-48473
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important
 4.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
 CVE-2023-48474
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important
 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
 CVE-2023-48475
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important
 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
 CVE-2023-48476
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important
 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
 CVE-2023-48477
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important
 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
 CVE-2023-48478
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important
 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
 CVE-2023-48479
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important
 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
 CVE-2023-48480
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
 CVE-2023-48481
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
 CVE-2023-48482
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
 CVE-2023-48483
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
 CVE-2023-48484
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
 CVE-2023-48485
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
 CVE-2023-48486
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
 CVE-2023-48487
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
 CVE-2023-48488
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
 CVE-2023-48489
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
 CVE-2023-48490
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2023-48491
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2023-48492
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2023-48493
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2023-48494
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2023-48495
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2023-48496
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2023-48497
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2023-48498
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2023-48499
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2023-48500
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2023-48501
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2023-48502
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2023-48503
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2023-48504
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2023-48505
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2023-48506
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2023-48507
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2023-48508
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2023-48509
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2023-48510
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2023-48511
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2023-48512
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2023-48513
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2023-48514
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2023-48515
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2023-48516
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2023-48517
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2023-48518
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2023-48519
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2023-48520
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2023-48521
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2023-48522
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2023-48523
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2023-48524
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2023-48525
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
 CVE-2023-48526
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2023-48527
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2023-48528
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2023-48529
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2023-48530
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2023-48531
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2023-48532
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2023-48533
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2023-48534
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2023-48535
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2023-48536
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important 4.8 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
 CVE-2023-48537
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2023-48538
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2023-48539
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2023-48540
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2023-48541
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2023-48542
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2023-48543
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2023-48544
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2023-48545
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2023-48546
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2023-48547
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important 4.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N
 CVE-2023-48548
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2023-48549
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2023-48550
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2023-48551
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2023-48552
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2023-48553
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2023-48554
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2023-48555
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2023-48556
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2023-48557
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2023-48558
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2023-48559
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2023-48560
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2023-48561
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2023-48562
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
 CVE-2023-48563
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
 CVE-2023-48564
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2023-48565
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2023-48566
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2023-48567
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2023-48568
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2023-48569
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2023-48570
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2023-48571
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important 4.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N
 CVE-2023-48572
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important 4.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N
 CVE-2023-48573
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important 4.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N
 CVE-2023-48574
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2023-48575
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important 4.8 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
 CVE-2023-48576
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2023-48577
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2023-48578
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important 4.8 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
 CVE-2023-48579
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2023-48580
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2023-48581
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important 4.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N
 CVE-2023-48582
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2023-48583
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important 4.8 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
 CVE-2023-48584
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2023-48585
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2023-48586
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2023-48587
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2023-48588
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2023-48589
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2023-48590
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2023-48591
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2023-48592
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2023-48593
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2023-48594
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2023-48595
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2023-48596
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2023-48597
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2023-48598
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2023-48599
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2023-48600
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2023-48601
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2023-48602
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2023-48603
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2023-48604
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2023-48605
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2023-48606
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2023-48607
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Moderate 3.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
 CVE-2023-48608
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2023-48609
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2023-48610
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2023-48611
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2023-48612
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2023-48613
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2023-48614
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2023-48615
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2023-48616
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2023-48617
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2023-48618
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2023-48619
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2023-48620
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2023-48621
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2023-48622
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2023-48623
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2023-48624
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
 CVE-2023-47064
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important
 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
 CVE-2023-47065
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important
 5.4
 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
 CVE-2023-51457
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important
 5.4
 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
 CVE-2023-51458
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important
 5.4
 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
 CVE-2023-51459
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important
 5.4
 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
 CVE-2023-51460
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important
 5.4
 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
 CVE-2023-51461
Cross-site Scripting (Stored XSS) (CWE-79)
 Arbitrary code execution
 Important
 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
 CVE-2023-51462
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2023-51463
Cross-site Scripting (Stored XSS) (CWE-79) Arbitrary code execution Important

 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2023-51464
Note:

If a customer is using Apache httpd in a proxy with a non-default configuration, they may be impacted by CVE-2023-25690 - please read more here: https://httpd.apache.org/security/vulnerabilities_24.html

Acknowledgments

Adobe would like to thank the following for reporting these issues and for working with Adobe to help protect our customers: 

  • Lorenzo Pirondini --CVE-2023-48442, CVE-2023-48444, CVE-2023-48445 CVE-2023-48446, CVE-2023-48449, CVE-2023-48450, CVE-2023-48451, CVE-2023-48452, CVE-2023-48453, CVE-2023-48454, CVE-2023-48456, CVE-2023-48457, CVE-2023-48458, CVE-2023-48459, CVE-2023-48460, CVE-2023-48461, CVE-2023-48462, CVE-2023-48463, CVE-2023-48464, CVE-2023-48465, CVE-2023-48466, CVE-2023-48467, CVE-2023-48468, CVE-2023-48469, CVE-2023-48470, CVE-2023-4847, CVE-2023-48472, CVE-2023-48473, CVE-2023-48474, CVE-2023-48475, CVE-2023-48476, CVE-2023-48477, CVE-2023-48478, CVE-2023-48479, CVE-2023-48480, CVE-2023-48481, CVE-2023-48482, CVE-2023-48483, CVE-2023-48484, CVE-2023-48485, CVE-2023-48486, CVE-2023-48487, CVE-2023-48488, CVE-2023-48489, CVE-2023-48490, CVE-2023-48491, CVE-2023-48492, CVE-2023-48493, CVE-2023-48494, CVE-2023-48495, CVE-2023-48496, CVE-2023-48502, CVE-2023-48503, CVE-2023-48505, CVE-2023-48506, CVE-2023-48507, CVE-2023-48508, CVE-2023-48509 CVE-2023-48510, CVE-2023-48511, CVE-2023-48514, CVE-2023-48516, CVE-2023-48517, CVE-2023-48518, CVE-2023-48519, CVE-2023-48520, CVE-2023-48521, CVE-2023-48522, CVE-2023-48523, CVE-2023-48524, CVE-2023-48525, CVE-2023-48527, CVE-2023-48528, CVE-2023-48529, CVE-2023-48530, CVE-2023-48531, CVE-2023-48532, CVE-2023-48535, CVE-2023-48536, CVE-2023-48538, CVE-2023-48539, CVE-2023-48540, CVE-2023-48541, CVE-2023-48542, CVE-2023-48543, CVE-2023-48544, CVE-2023-48545, CVE-2023-48546, CVE-2023-48547, CVE-2023-48548, CVE-2023-48549, CVE-2023-48550, CVE-2023-48551, CVE-2023-48552, CVE-2023-48553, CVE-2023-48554, CVE-2023-48555, CVE-2023-48556, CVE-2023-48557, CVE-2023-48558, CVE-2023-48565, CVE-2023-48566, CVE-2023-48567, CVE-2023-48568, CVE-2023-48569, CVE-2023-48570, CVE-2023-48571, CVE-2023-48577, CVE-2023-48578, CVE-2023-48583, CVE-2023-48585, CVE-2023-48586, CVE-2023-48587, CVE-2023-48588, CVE-2023-48589, CVE-2023-48590, CVE-2023-48591, CVE-2023-48598, CVE-2023-48599, CVE-2023-48602, CVE-2023-48603, CVE-2023-48604, CVE-2023-48605, CVE-2023-48606, CVE-2023-48607, CVE-2023-48609, CVE-2023-48610, CVE-2023-48611, CVE-2023-48612, CVE-2023-48613, CVE-2023-48614, CVE-2023-48615, CVE-2023-48616, CVE-2023-48617, CVE-2023-48618, CVE-2023-48619, CVE-2023-47065, CVE-2023-51457, CVE-2023-51458, CVE-2023-51460, CVE-2023-51463, CVE-2023-51464

  • Jim Green (green-jam) -- CVE-2023-48441, CVE-2023-48443, CVE-2023-48447, CVE-2023-48448, CVE-2023-48455, CVE-2023-48497, CVE-2023-48498, CVE-2023-48499, CVE-2023-48500, CVE-2023-48501, CVE-2023-48504, CVE-2023-48526, CVE-2023-48548, CVE-2023-48559, CVE-2023-48560, CVE-2023-48561, CVE-2023-48562, CVE-2023-48563, CVE-2023-48564, CVE-2023-48592, CVE-2023-48593, CVE-2023-48594, CVE-2023-48595, CVE-2023-48596, CVE-2023-48597, CVE-2023-48600, CVE-2023-48601, CVE-2023-48620, CVE-2023-48621, CVE-2023-48622, CVE-2023-48623, CVE-2023-48624, CVE-2023-47064, CVE-2023-51459, CVE-2023-51462

  • Akshay Sharma (anonymous_blackzero) -- CVE-2023-48440, CVE-2023-48512, CVE-2023-48513, CVE-2023-48515, CVE-2023-48533, CVE-2023-48534, CVE-2023-48537, CVE-2023-48572, CVE-2023-48573, CVE-2023-48574, CVE-2023-48575, CVE-2023-48576, CVE-2023-48579, CVE-2023-48580, CVE-2023-48581, CVE-2023-48582, CVE-2023-48584, CVE-2023-48608, CVE-2023-51461

NOTE: Adobe has a private, invite-only, bug bounty program with HackerOne. If you are interested in working with Adobe as an external security researcher, please fill out this form for next steps.

Revisions

December 13, 2023 - Added 2 CVEs, - CVE-2023-47064 and CVE-2023-47065

December 19, 2023 -  Added 6 CVEs - CVE-2023-51457, CVE-2023-51458, CVE-2023-51459, CVE-2023-51460, CVE-2023-51461, CVE-2023-51462

January 17, 2024 - Added 2 CVEs - CVE-2023-51463, CVE-2023-51464

For more information, visit https://helpx.adobe.com/security.html, or email PSIRT@adobe.com.

 Adobe

Get help faster and easier

New user?

Quick links

View all your plans Manage your plans
View quick links
Hide quick links