Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2023.7416
APSB23-72 : Security update available for Adobe Experience Manager
13 December 2023
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Adobe Experience Manager
Publisher: Adobe
Operating System: Windows
UNIX variants (UNIX, Linux, OSX)
Resolution: Patch/Upgrade
CVE Names: CVE-2023-48624 CVE-2023-48623 CVE-2023-48622
CVE-2023-48621 CVE-2023-48620 CVE-2023-48619
CVE-2023-48618 CVE-2023-48617 CVE-2023-48616
CVE-2023-48615 CVE-2023-48614 CVE-2023-48613
CVE-2023-48612 CVE-2023-48611 CVE-2023-48610
CVE-2023-48609 CVE-2023-48608 CVE-2023-48607
CVE-2023-48606 CVE-2023-48605 CVE-2023-48604
CVE-2023-48603 CVE-2023-48602 CVE-2023-48601
CVE-2023-48600 CVE-2023-48599 CVE-2023-48598
CVE-2023-48597 CVE-2023-48596 CVE-2023-48595
CVE-2023-48594 CVE-2023-48593 CVE-2023-48592
CVE-2023-48591 CVE-2023-48590 CVE-2023-48589
CVE-2023-48588 CVE-2023-48587 CVE-2023-48586
CVE-2023-48585 CVE-2023-48584 CVE-2023-48583
CVE-2023-48582 CVE-2023-48581 CVE-2023-48580
CVE-2023-48579 CVE-2023-48578 CVE-2023-48577
CVE-2023-48576 CVE-2023-48575 CVE-2023-48574
CVE-2023-48573 CVE-2023-48572 CVE-2023-48571
CVE-2023-48570 CVE-2023-48569 CVE-2023-48568
CVE-2023-48567 CVE-2023-48566 CVE-2023-48565
CVE-2023-48564 CVE-2023-48563 CVE-2023-48562
CVE-2023-48561 CVE-2023-48560 CVE-2023-48559
CVE-2023-48558 CVE-2023-48557 CVE-2023-48556
CVE-2023-48555 CVE-2023-48554 CVE-2023-48553
CVE-2023-48552 CVE-2023-48551 CVE-2023-48550
CVE-2023-48549 CVE-2023-48548 CVE-2023-48547
CVE-2023-48546 CVE-2023-48545 CVE-2023-48544
CVE-2023-48543 CVE-2023-48542 CVE-2023-48541
CVE-2023-48540 CVE-2023-48539 CVE-2023-48538
CVE-2023-48537 CVE-2023-48536 CVE-2023-48535
CVE-2023-48534 CVE-2023-48533 CVE-2023-48532
CVE-2023-48531 CVE-2023-48530 CVE-2023-48529
CVE-2023-48528 CVE-2023-48527 CVE-2023-48526
CVE-2023-48525 CVE-2023-48524 CVE-2023-48523
CVE-2023-48522 CVE-2023-48521 CVE-2023-48520
CVE-2023-48519 CVE-2023-48518 CVE-2023-48517
CVE-2023-48516 CVE-2023-48515 CVE-2023-48514
CVE-2023-48513 CVE-2023-48512 CVE-2023-48511
CVE-2023-48510 CVE-2023-48509 CVE-2023-48508
CVE-2023-48507 CVE-2023-48506 CVE-2023-48505
CVE-2023-48504 CVE-2023-48503 CVE-2023-48502
CVE-2023-48501 CVE-2023-48500 CVE-2023-48499
CVE-2023-48498 CVE-2023-48497 CVE-2023-48496
CVE-2023-48495 CVE-2023-48494 CVE-2023-48493
CVE-2023-48492 CVE-2023-48491 CVE-2023-48490
CVE-2023-48489 CVE-2023-48488 CVE-2023-48487
CVE-2023-48486 CVE-2023-48485 CVE-2023-48484
CVE-2023-48483 CVE-2023-48482 CVE-2023-48481
CVE-2023-48480 CVE-2023-48479 CVE-2023-48478
CVE-2023-48477 CVE-2023-48476 CVE-2023-48475
CVE-2023-48474 CVE-2023-48473 CVE-2023-48472
CVE-2023-48471 CVE-2023-48470 CVE-2023-48469
CVE-2023-48468 CVE-2023-48467 CVE-2023-48466
CVE-2023-48465 CVE-2023-48464 CVE-2023-48463
CVE-2023-48462 CVE-2023-48461 CVE-2023-48460
CVE-2023-48459 CVE-2023-48458 CVE-2023-48457
CVE-2023-48456 CVE-2023-48455 CVE-2023-48454
CVE-2023-48453 CVE-2023-48452 CVE-2023-48451
CVE-2023-48450 CVE-2023-48449 CVE-2023-48448
CVE-2023-48447 CVE-2023-48446 CVE-2023-48445
CVE-2023-48444 CVE-2023-48443 CVE-2023-48442
CVE-2023-48441 CVE-2023-48440 CVE-2023-25690
CVE-2023-4847
Original Bulletin:
https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html
Comment: CVSS (Max): 6.1 CVE-2023-48564 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
CVSS Source: Adobe
Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
- --------------------------BEGIN INCLUDED TEXT--------------------
Security updates available for Adobe Experience Manager | APSB23-72
Bulletin ID Date Published Priority
APSB23-72 December 12, 2023 3
Summary
Adobe has released updates for Adobe Experience Manager (AEM). These updates
resolve vulnerabilities rated important and moderate . Successful exploitation
of these vulnerabilities could result in arbitrary code execution and security
feature bypass.
Affected product versions
+------------------------------+-----------------------------------+----------+
| Product | Version | Platform |
+------------------------------+-----------------------------------+----------+
| |AEM Cloud Service (CS) |All |
|Adobe Experience Manager (AEM)+-----------------------------------+----------+
| |6.5.18.0 and earlier versions |All |
+------------------------------+-----------------------------------+----------+
Solution
Adobe categorizes these updates with the following priority ratings and
recommends users update their installation to the newest version:
+------------------+--------------+----------+--------+-----------------------+
| Product | Version | Platform |Priority| Availability |
+------------------+--------------+----------+--------+-----------------------+
| |AEM Cloud | | | |
| |Service |All |3 |Release Notes |
|Adobe Experience |Release | | | |
|Manager (AEM) |2023.11 | | | |
| +--------------+----------+--------+-----------------------+
| |6.5.19.0 |All |3 |AEM 6.5 Service Pack |
| | | | |Release Notes |
+------------------+--------------+----------+--------+-----------------------+
Note:
Customers running on Adobe Experience Manager's Cloud Service will
automatically receive updates that include new features as well as security and
functionality bug fixes.
Note:
Experience Manager Security Considerations:
AEM as a Cloud Service Security Considerations
Anonymous Permission Hardening Package
Note:
Please contact Adobe customer care for assistance with AEM versions 6.4, 6.3
and 6.2.
Vulnerability Details
Vulnerability Vulnerability CVSS CVSS
Category Impact Severity base vector CVE Number
score
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 5.4 PR:L/ CVE-2023-48440
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Improper /AV:N/
Access Security AC:L/
Control ( feature Important 5.3 PR:N/ CVE-2023-48441
CWE-284 ) bypass UI:N/S:U
/C:L/I:N
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 5.4 PR:L/ CVE-2023-48442
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 5.4 PR:L/ CVE-2023-48443
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 5.4 PR:L/ CVE-2023-48444
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 5.4 PR:L/ CVE-2023-48445
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 5.4 PR:L/ CVE-2023-48446
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 5.4 PR:L/ CVE-2023-48447
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary Important AC:L/
(Stored XSS) code 5.4 PR:L/ CVE-2023-48448
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 5.4 PR:L/ CVE-2023-48449
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 5.4 PR:L/ CVE-2023-48450
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 5.4 PR:L/ CVE-2023-48451
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 5.4 PR:L/ CVE-2023-48452
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 5.4 PR:L/ CVE-2023-48453
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 5.4 PR:L/ CVE-2023-48454
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 5.4 PR:L/ CVE-2023-48455
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 5.4 PR:L/ CVE-2023-48456
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 5.4 PR:L/ CVE-2023-48457
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 5.4 PR:L/ CVE-2023-48458
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 5.4 PR:L/ CVE-2023-48459
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 5.4 PR:L/ CVE-2023-48460
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 5.4 PR:L/ CVE-2023-48461
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 5.4 PR:L/ CVE-2023-48462
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 5.4 PR:L/ CVE-2023-48463
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 5.4 PR:L/ CVE-2023-48464
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 5.4 PR:L/ CVE-2023-48465
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 5.4 PR:L/ CVE-2023-48466
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 4.6 PR:L/ CVE-2023-48467
( CWE-79 ) execution UI:R/S:U
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 4.6 PR:L/ CVE-2023-48468
( CWE-79 ) execution UI:R/S:U
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 4.6 PR:L/ CVE-2023-48469
( CWE-79 ) execution UI:R/S:U
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 4.6 PR:L/ CVE-2023-48470
( CWE-79 ) execution UI:R/S:U
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 5.4 PR:L/ CVE-2023-48471
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 4.6 PR:L/ CVE-2023-48472
( CWE-79 ) execution UI:R/S:U
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 4.6 PR:L/ CVE-2023-48473
( CWE-79 ) execution UI:R/S:U
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 4.6 PR:L/ CVE-2023-48474
( CWE-79 ) execution UI:R/S:U
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 5.4 PR:L/ CVE-2023-48475
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 5.4 PR:L/ CVE-2023-48476
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 5.4 PR:L/ CVE-2023-48477
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 5.4 PR:L/ CVE-2023-48478
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 5.4 PR:L/ CVE-2023-48479
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 5.4 PR:L/ CVE-2023-48480
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 5.4 PR:L/ CVE-2023-48481
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 5.4 PR:L/ CVE-2023-48482
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 5.4 PR:L/ CVE-2023-48483
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 5.4 PR:L/ CVE-2023-48484
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 5.4 PR:L/ CVE-2023-48485
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 5.4 PR:L/ CVE-2023-48486
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 5.4 PR:L/ CVE-2023-48487
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 5.4 PR:L/ CVE-2023-48488
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 5.4 PR:L/ CVE-2023-48489
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 5.4 PR:L/ CVE-2023-48490
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 5.4 PR:L/ CVE-2023-48491
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 5.4 PR:L/ CVE-2023-48492
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 5.4 PR:L/ CVE-2023-48493
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 5.4 PR:L/ CVE-2023-48494
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 5.4 PR:L/ CVE-2023-48495
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 5.4 PR:L/ CVE-2023-48496
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 5.4 PR:L/ CVE-2023-48497
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 5.4 PR:L/ CVE-2023-48498
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 5.4 PR:L/ CVE-2023-48499
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 5.4 PR:L/ CVE-2023-48500
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 5.4 PR:L/ CVE-2023-48501
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 5.4 PR:L/ CVE-2023-48502
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 5.4 PR:L/ CVE-2023-48503
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 5.4 PR:L/ CVE-2023-48504
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 5.4 PR:L/ CVE-2023-48505
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 5.4 PR:L/ CVE-2023-48506
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 5.4 PR:L/ CVE-2023-48507
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 5.4 PR:L/ CVE-2023-48508
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 5.4 PR:L/ CVE-2023-48509
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 5.4 PR:L/ CVE-2023-48510
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 5.4 PR:L/ CVE-2023-48511
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 5.4 PR:L/ CVE-2023-48512
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 5.4 PR:L/ CVE-2023-48513
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 5.4 PR:L/ CVE-2023-48514
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 5.4 PR:L/ CVE-2023-48515
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 5.4 PR:L/ CVE-2023-48516
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 5.4 PR:L/ CVE-2023-48517
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 5.4 PR:L/ CVE-2023-48518
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 5.4 PR:L/ CVE-2023-48519
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 5.4 PR:L/ CVE-2023-48520
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 5.4 PR:L/ CVE-2023-48521
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 5.4 PR:L/ CVE-2023-48522
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 5.4 PR:L/ CVE-2023-48523
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 5.4 PR:L/ CVE-2023-48524
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 5.4 PR:L/ CVE-2023-48525
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 6.1 PR:N/ CVE-2023-48526
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 5.4 PR:L/ CVE-2023-48527
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 5.4 PR:L/ CVE-2023-48528
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 5.4 PR:L/ CVE-2023-48529
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 5.4 PR:L/ CVE-2023-48530
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 5.4 PR:L/ CVE-2023-48531
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 5.4 PR:L/ CVE-2023-48532
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 5.4 PR:L/ CVE-2023-48533
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 5.4 PR:L/ CVE-2023-48534
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 5.4 PR:L/ CVE-2023-48535
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 5.4 PR:L/ CVE-2023-48536
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 4.8 PR:H/ CVE-2023-48537
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 5.4 PR:L/ CVE-2023-48538
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 5.4 PR:L/ CVE-2023-48539
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 5.4 PR:L/ CVE-2023-48540
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 5.4 PR:L/ CVE-2023-48541
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 5.4 PR:L/ CVE-2023-48542
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 5.4 PR:L/ CVE-2023-48543
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 5.4 PR:L/ CVE-2023-48544
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 5.4 PR:L/ CVE-2023-48545
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 5.4 PR:L/ CVE-2023-48546
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 5.4 PR:L/ CVE-2023-48547
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 4.1 PR:L/ CVE-2023-48548
( CWE-79 ) execution UI:R/S:C
/C:L/I:N
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 5.4 PR:L/ CVE-2023-48549
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 5.4 PR:L/ CVE-2023-48550
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 5.4 PR:L/ CVE-2023-48551
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 5.4 PR:L/ CVE-2023-48552
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 5.4 PR:L/ CVE-2023-48553
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 5.4 PR:L/ CVE-2023-48554
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 5.4 PR:L/ CVE-2023-48555
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 5.4 PR:L/ CVE-2023-48556
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 5.4 PR:L/ CVE-2023-48557
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 5.4 PR:L/ CVE-2023-48558
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 5.4 PR:L/ CVE-2023-48559
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 5.4 PR:L/ CVE-2023-48560
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 5.4 PR:L/ CVE-2023-48561
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 5.4 PR:L/ CVE-2023-48562
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 6.1 PR:N/ CVE-2023-48563
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 6.1 PR:N/ CVE-2023-48564
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 5.4 PR:L/ CVE-2023-48565
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 5.4 PR:L/ CVE-2023-48566
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 5.4 PR:L/ CVE-2023-48567
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 5.4 PR:L/ CVE-2023-48568
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 5.4 PR:L/ CVE-2023-48569
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 5.4 PR:L/ CVE-2023-48570
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 5.4 PR:L/ CVE-2023-48571
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 4.1 PR:L/ CVE-2023-48572
( CWE-79 ) execution UI:R/S:C
/C:L/I:N
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 4.1 PR:L/ CVE-2023-48573
( CWE-79 ) execution UI:R/S:C
/C:L/I:N
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 4.1 PR:L/ CVE-2023-48574
( CWE-79 ) execution UI:R/S:C
/C:L/I:N
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 5.4 PR:L/ CVE-2023-48575
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 4.8 PR:H/ CVE-2023-48576
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 5.4 PR:L/ CVE-2023-48577
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 5.4 PR:L/ CVE-2023-48578
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 4.8 PR:H/ CVE-2023-48579
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 5.4 PR:L/ CVE-2023-48580
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 5.4 PR:L/ CVE-2023-48581
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 4.5 PR:H/ CVE-2023-48582
( CWE-79 ) execution UI:R/S:U
/C:H/I:N
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 5.4 PR:L/ CVE-2023-48583
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 4.8 PR:H/ CVE-2023-48584
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 5.4 PR:L/ CVE-2023-48585
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 5.4 PR:L/ CVE-2023-48586
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 5.4 PR:L/ CVE-2023-48587
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 5.4 PR:L/ CVE-2023-48588
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 5.4 PR:L/ CVE-2023-48589
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 5.4 PR:L/ CVE-2023-48590
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 5.4 PR:L/ CVE-2023-48591
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 5.4 PR:L/ CVE-2023-48592
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 5.4 PR:L/ CVE-2023-48593
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 5.4 PR:L/ CVE-2023-48594
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 5.4 PR:L/ CVE-2023-48595
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 5.4 PR:L/ CVE-2023-48596
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 5.4 PR:L/ CVE-2023-48597
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 5.4 PR:L/ CVE-2023-48598
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 5.4 PR:L/ CVE-2023-48599
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 5.4 PR:L/ CVE-2023-48600
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 5.4 PR:L/ CVE-2023-48601
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 5.4 PR:L/ CVE-2023-48602
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 5.4 PR:L/ CVE-2023-48603
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 5.4 PR:L/ CVE-2023-48604
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 5.4 PR:L/ CVE-2023-48605
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 5.4 PR:L/ CVE-2023-48606
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 5.4 PR:L/ CVE-2023-48607
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:H/
(Stored XSS) code Moderate 3.1 PR:L/ CVE-2023-48608
( CWE-79 ) execution UI:N/S:U
/C:N/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 5.4 PR:L/ CVE-2023-48609
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 5.4 PR:L/ CVE-2023-48610
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 5.4 PR:L/ CVE-2023-48611
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 5.4 PR:L/ CVE-2023-48612
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 5.4 PR:L/ CVE-2023-48613
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 5.4 PR:L/ CVE-2023-48614
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 5.4 PR:L/ CVE-2023-48615
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 5.4 PR:L/ CVE-2023-48616
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 5.4 PR:L/ CVE-2023-48617
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 5.4 PR:L/ CVE-2023-48618
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 5.4 PR:L/ CVE-2023-48619
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 5.4 PR:L/ CVE-2023-48620
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 5.4 PR:L/ CVE-2023-48621
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 5.4 PR:L/ CVE-2023-48622
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 5.4 PR:L/ CVE-2023-48623
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
CVSS:3.1
Cross-site /AV:N/
Scripting Arbitrary AC:L/
(Stored XSS) code Important 5.4 PR:L/ CVE-2023-48624
( CWE-79 ) execution UI:R/S:C
/C:L/I:L
/A:N
Note:
If a customer is using Apache httpd in a proxy with a non-default
configuration, they may be impacted by CVE-2023-25690 - please read more here:
https://httpd.apache.org/security/vulnerabilities_24.html
Acknowledgments
Adobe would like to thank the following for reporting these issues and for
working with Adobe to help protect our customers:
o Lorenzo Pirondini --CVE-2023-48442, CVE-2023-48444, CVE-2023-48445
CVE-2023-48446, CVE-2023-48449, CVE-2023-48450, CVE-2023-48451,
CVE-2023-48452, CVE-2023-48453, CVE-2023-48454, CVE-2023-48456,
CVE-2023-48457, CVE-2023-48458, CVE-2023-48459, CVE-2023-48460,
CVE-2023-48461, CVE-2023-48462, CVE-2023-48463, CVE-2023-48464,
CVE-2023-48465, CVE-2023-48466, CVE-2023-48467, CVE-2023-48468,
CVE-2023-48469, CVE-2023-48470, CVE-2023-4847, CVE-2023-48472,
CVE-2023-48473, CVE-2023-48474, CVE-2023-48475, CVE-2023-48476,
CVE-2023-48477, CVE-2023-48478, CVE-2023-48479, CVE-2023-48480,
CVE-2023-48481, CVE-2023-48482, CVE-2023-48483, CVE-2023-48484,
CVE-2023-48485, CVE-2023-48486, CVE-2023-48487, CVE-2023-48488,
CVE-2023-48489, CVE-2023-48490, CVE-2023-48491, CVE-2023-48492,
CVE-2023-48493, CVE-2023-48494, CVE-2023-48495, CVE-2023-48496,
CVE-2023-48502, CVE-2023-48503, CVE-2023-48505, CVE-2023-48506,
CVE-2023-48507, CVE-2023-48508, CVE-2023-48509 CVE-2023-48510,
CVE-2023-48511, CVE-2023-48514, CVE-2023-48516, CVE-2023-48517,
CVE-2023-48518, CVE-2023-48519, CVE-2023-48520, CVE-2023-48521,
CVE-2023-48522, CVE-2023-48523, CVE-2023-48524, CVE-2023-48525,
CVE-2023-48527, CVE-2023-48528, CVE-2023-48529, CVE-2023-48530,
CVE-2023-48531, CVE-2023-48532, CVE-2023-48535, CVE-2023-48536,
CVE-2023-48538, CVE-2023-48539, CVE-2023-48540, CVE-2023-48541,
CVE-2023-48542, CVE-2023-48543, CVE-2023-48544, CVE-2023-48545,
CVE-2023-48546, CVE-2023-48547, CVE-2023-48548, CVE-2023-48549,
CVE-2023-48550, CVE-2023-48551, CVE-2023-48552, CVE-2023-48553,
CVE-2023-48554, CVE-2023-48555, CVE-2023-48556, CVE-2023-48557,
CVE-2023-48558, CVE-2023-48565, CVE-2023-48566, CVE-2023-48567,
CVE-2023-48568, CVE-2023-48569, CVE-2023-48570, CVE-2023-48571,
CVE-2023-48577, CVE-2023-48578, CVE-2023-48583, CVE-2023-48585,
CVE-2023-48586, CVE-2023-48587, CVE-2023-48588, CVE-2023-48589,
CVE-2023-48590, CVE-2023-48591, CVE-2023-48598, CVE-2023-48599,
CVE-2023-48602, CVE-2023-48603, CVE-2023-48604, CVE-2023-48605,
CVE-2023-48606, CVE-2023-48607, CVE-2023-48609, CVE-2023-48610,
CVE-2023-48611, CVE-2023-48612, CVE-2023-48613, CVE-2023-48614,
CVE-2023-48615, CVE-2023-48616, CVE-2023-48617, CVE-2023-48618,
CVE-2023-48619
o Jim Green (green-jam) -- CVE-2023-48441, CVE-2023-48443, CVE-2023-48447,
CVE-2023-48448, CVE-2023-48455, CVE-2023-48497, CVE-2023-48498,
CVE-2023-48499, CVE-2023-48500, CVE-2023-48501, CVE-2023-48504,
CVE-2023-48526, CVE-2023-48548, CVE-2023-48559, CVE-2023-48560,
CVE-2023-48561, CVE-2023-48562, CVE-2023-48563, CVE-2023-48564,
CVE-2023-48592, CVE-2023-48593, CVE-2023-48594, CVE-2023-48595,
CVE-2023-48596, CVE-2023-48597, CVE-2023-48600, CVE-2023-48601,
CVE-2023-48620, CVE-2023-48621, CVE-2023-48622, CVE-2023-48623,
CVE-2023-48624
o Akshay Sharma (anonymous_blackzero) -- CVE-2023-48440, CVE-2023-48512,
CVE-2023-48513, CVE-2023-48515, CVE-2023-48533, CVE-2023-48534,
CVE-2023-48537, CVE-2023-48572, CVE-2023-48573, CVE-2023-48574,
CVE-2023-48575, CVE-2023-48576, CVE-2023-48579, CVE-2023-48580,
CVE-2023-48581, CVE-2023-48582, CVE-2023-48584, CVE-2023-48608
NOTE: Adobe has a private, invite-only, bug bounty program with HackerOne. If
you are interested in working with Adobe as an external security researcher,
please fill out this form for next steps.
_________________________________________________________________________________
For more information, visit https://helpx.adobe.com/security.html , or email
PSIRT@adobe.com.
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: https://auscert.org.au/gpg-key/
iQIVAwUBZXklwckNZI30y1K9AQheZw//TBp5+HR1tXRznnfzbeHRvw6dBWMse7nU
rmdRqqDF92AUI7spgNDx7ybRL1+KpErWYjvrg2kXX1GrOcCtca2f5+gQYbXCghyG
a5GVnXtT3Y+QbxSLa/qOpjPGuNbfCpZgvi4Rak+OG3lZoveT1AqGDfCZxmH+Y39M
0mFAt/FIDyVZk40CriVuA+cnjEY/rf6E4Tov96BPYeD8ScJ3ibNmavL8aYZuf+JZ
xCd7aeRY1hKeJLrrRNFlKjHxMc7HPVet0q6vJncLfB7MmO3p4M+SlEjy40zNp06a
tMb7S/kolRF78AQlBg9zXkMHQsbjP6iUazntp3aN7OGvHDib3bFahT/VP0/oOxU6
zOYZKDuRETh3WW/SRosDoo6ZRIcn4t69G8pn4y5u2A8F2qAUEF2KEIbg8wVlj344
LCBn6NBO57OJnQ9zg9e8J4koxJfPI4SHR/g/fcCLYNoOtazWr74/6IA+Hzjmj3o2
B2sQAQVHhaWiV8CUCjBPdsoDwBJlrVI4rG6x41TOO4sprdGvhONnwMUSKnkxn1NF
VYuy2+idcOHb+OkY0r7NB+bWUwtRYGofAsg8wr7S38zDDXB/5wM59HfiDwkkgvPg
cSYZaltbYZFar7g/RUZ3tA09bG+dK/gUsXyd9qgBNaVA+nl6CYcOBU3eHPGuBLqr
ODA/3K/T2Jw=
=4tsy
-----END PGP SIGNATURE-----