-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2023.7416
    APSB23-72 : Security update available for Adobe Experience Manager
                             13 December 2023

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Adobe Experience Manager
Publisher:         Adobe
Operating System:  Windows
                   UNIX variants (UNIX, Linux, OSX)
Resolution:        Patch/Upgrade
CVE Names:         CVE-2023-48624 CVE-2023-48623 CVE-2023-48622 CVE-2023-48621 CVE-2023-48620
                   CVE-2023-48619 CVE-2023-48618 CVE-2023-48617 CVE-2023-48616 CVE-2023-48615
                   CVE-2023-48614 CVE-2023-48613 CVE-2023-48612 CVE-2023-48611 CVE-2023-48610
                   CVE-2023-48609 CVE-2023-48608 CVE-2023-48607 CVE-2023-48606 CVE-2023-48605
                   CVE-2023-48604 CVE-2023-48603 CVE-2023-48602 CVE-2023-48601 CVE-2023-48600
                   CVE-2023-48599 CVE-2023-48598 CVE-2023-48597 CVE-2023-48596 CVE-2023-48595
                   CVE-2023-48594 CVE-2023-48593 CVE-2023-48592 CVE-2023-48591 CVE-2023-48590
                   CVE-2023-48589 CVE-2023-48588 CVE-2023-48587 CVE-2023-48586 CVE-2023-48585
                   CVE-2023-48584 CVE-2023-48583 CVE-2023-48582 CVE-2023-48581 CVE-2023-48580
                   CVE-2023-48579 CVE-2023-48578 CVE-2023-48577 CVE-2023-48576 CVE-2023-48575
                   CVE-2023-48574 CVE-2023-48573 CVE-2023-48572 CVE-2023-48571 CVE-2023-48570
                   CVE-2023-48569 CVE-2023-48568 CVE-2023-48567 CVE-2023-48566 CVE-2023-48565
                   CVE-2023-48564 CVE-2023-48563 CVE-2023-48562 CVE-2023-48561 CVE-2023-48560
                   CVE-2023-48559 CVE-2023-48558 CVE-2023-48557 CVE-2023-48556 CVE-2023-48555
                   CVE-2023-48554 CVE-2023-48553 CVE-2023-48552 CVE-2023-48551 CVE-2023-48550
                   CVE-2023-48549 CVE-2023-48548 CVE-2023-48547 CVE-2023-48546 CVE-2023-48545
                   CVE-2023-48544 CVE-2023-48543 CVE-2023-48542 CVE-2023-48541 CVE-2023-48540
                   CVE-2023-48539 CVE-2023-48538 CVE-2023-48537 CVE-2023-48536 CVE-2023-48535
                   CVE-2023-48534 CVE-2023-48533 CVE-2023-48532 CVE-2023-48531 CVE-2023-48530
                   CVE-2023-48529 CVE-2023-48528 CVE-2023-48527 CVE-2023-48526 CVE-2023-48525
                   CVE-2023-48524 CVE-2023-48523 CVE-2023-48522 CVE-2023-48521 CVE-2023-48520
                   CVE-2023-48519 CVE-2023-48518 CVE-2023-48517 CVE-2023-48516 CVE-2023-48515
                   CVE-2023-48514 CVE-2023-48513 CVE-2023-48512 CVE-2023-48511 CVE-2023-48510
                   CVE-2023-48509 CVE-2023-48508 CVE-2023-48507 CVE-2023-48506 CVE-2023-48505
                   CVE-2023-48504 CVE-2023-48503 CVE-2023-48502 CVE-2023-48501 CVE-2023-48500
                   CVE-2023-48499 CVE-2023-48498 CVE-2023-48497 CVE-2023-48496 CVE-2023-48495
                   CVE-2023-48494 CVE-2023-48493 CVE-2023-48492 CVE-2023-48491 CVE-2023-48490
                   CVE-2023-48489 CVE-2023-48488 CVE-2023-48487 CVE-2023-48486 CVE-2023-48485
                   CVE-2023-48484 CVE-2023-48483 CVE-2023-48482 CVE-2023-48481 CVE-2023-48480
                   CVE-2023-48479 CVE-2023-48478 CVE-2023-48477 CVE-2023-48476 CVE-2023-48475
                   CVE-2023-48474 CVE-2023-48473 CVE-2023-48472 CVE-2023-48471 CVE-2023-48470
                   CVE-2023-48469 CVE-2023-48468 CVE-2023-48467 CVE-2023-48466 CVE-2023-48465
                   CVE-2023-48464 CVE-2023-48463 CVE-2023-48462 CVE-2023-48461 CVE-2023-48460
                   CVE-2023-48459 CVE-2023-48458 CVE-2023-48457 CVE-2023-48456 CVE-2023-48455
                   CVE-2023-48454 CVE-2023-48453 CVE-2023-48452 CVE-2023-48451 CVE-2023-48450
                   CVE-2023-48449 CVE-2023-48448 CVE-2023-48447 CVE-2023-48446 CVE-2023-48445
                   CVE-2023-48444 CVE-2023-48443 CVE-2023-48442 CVE-2023-48441 CVE-2023-48440
                   CVE-2023-25690 CVE-2023-4847

Original Bulletin:
   https://helpx.adobe.com/security/products/experience-manager/apsb23-72.html

Comment: CVSS (Max):  6.1 CVE-2023-48564 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
         CVSS Source: Adobe
         Calculator:  https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

- --------------------------BEGIN INCLUDED TEXT--------------------

Security updates available for Adobe Experience Manager | APSB23-72

Bulletin ID    Date Published       Priority
APSB23-72      December 12, 2023    3

Summary

Adobe has released updates for Adobe Experience Manager (AEM). These updates
resolve vulnerabilities rated important and moderate. Successful exploitation
of these vulnerabilities could result in arbitrary code execution and security
feature bypass.

Affected product versions

+--------------------------------+-------------------------------+----------+
| Product                        | Version                       | Platform |
+--------------------------------+-------------------------------+----------+
| Adobe Experience Manager (AEM) | AEM Cloud Service (CS)        | All      |
|                                +-------------------------------+----------+
|                                | 6.5.18.0 and earlier versions | All      |
+--------------------------------+-------------------------------+----------+

Solution

Adobe categorizes these updates with the following priority ratings and
recommends users update their installation to the newest version:

+--------------------------------+-----------------------------------+----------+----------+------------------------------------+
| Product                        | Version                           | Platform | Priority | Availability                       |
+--------------------------------+-----------------------------------+----------+----------+------------------------------------+
| Adobe Experience Manager (AEM) | AEM Cloud Service Release 2023.11 | All      | 3        | Release Notes                      |
|                                +-----------------------------------+----------+----------+------------------------------------+
|                                | 6.5.19.0                          | All      | 3        | AEM 6.5 Service Pack Release Notes |
+--------------------------------+-----------------------------------+----------+----------+------------------------------------+

Note: Customers running on Adobe Experience Manager's Cloud Service will
automatically receive updates that include new features as well as security
and functionality bug fixes.

Note: Experience Manager Security Considerations:

  o AEM as a Cloud Service Security Considerations
  o Anonymous Permission Hardening Package

Note: Please contact Adobe customer care for assistance with AEM versions 6.4,
6.3 and 6.2.

Vulnerability Details Vulnerability Vulnerability CVSS CVSS Category Impact Severity base vector CVE Number score CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 5.4 PR:L/ CVE-2023-48440 ( CWE-79 ) execution UI:R/S:C /C:L/I:L /A:N CVSS:3.1 Improper /AV:N/ Access Security AC:L/ Control ( feature Important 5.3 PR:N/ CVE-2023-48441 CWE-284 ) bypass UI:N/S:U /C:L/I:N /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 5.4 PR:L/ CVE-2023-48442 ( CWE-79 ) execution UI:R/S:C /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 5.4 PR:L/ CVE-2023-48443 ( CWE-79 ) execution UI:R/S:C /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 5.4 PR:L/ CVE-2023-48444 ( CWE-79 ) execution UI:R/S:C /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 5.4 PR:L/ CVE-2023-48445 ( CWE-79 ) execution UI:R/S:C /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 5.4 PR:L/ CVE-2023-48446 ( CWE-79 ) execution UI:R/S:C /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 5.4 PR:L/ CVE-2023-48447 ( CWE-79 ) execution UI:R/S:C /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary Important AC:L/ (Stored XSS) code 5.4 PR:L/ CVE-2023-48448 ( CWE-79 ) execution UI:R/S:C /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 5.4 PR:L/ CVE-2023-48449 ( CWE-79 ) execution UI:R/S:C /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 5.4 PR:L/ CVE-2023-48450 ( CWE-79 ) execution UI:R/S:C /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 5.4 PR:L/ CVE-2023-48451 ( CWE-79 ) execution UI:R/S:C /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 5.4 PR:L/ 
CVE-2023-48452 ( CWE-79 ) execution UI:R/S:C /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 5.4 PR:L/ CVE-2023-48453 ( CWE-79 ) execution UI:R/S:C /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 5.4 PR:L/ CVE-2023-48454 ( CWE-79 ) execution UI:R/S:C /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 5.4 PR:L/ CVE-2023-48455 ( CWE-79 ) execution UI:R/S:C /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 5.4 PR:L/ CVE-2023-48456 ( CWE-79 ) execution UI:R/S:C /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 5.4 PR:L/ CVE-2023-48457 ( CWE-79 ) execution UI:R/S:C /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 5.4 PR:L/ CVE-2023-48458 ( CWE-79 ) execution UI:R/S:C /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 5.4 PR:L/ CVE-2023-48459 ( CWE-79 ) execution UI:R/S:C /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 5.4 PR:L/ CVE-2023-48460 ( CWE-79 ) execution UI:R/S:C /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 5.4 PR:L/ CVE-2023-48461 ( CWE-79 ) execution UI:R/S:C /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 5.4 PR:L/ CVE-2023-48462 ( CWE-79 ) execution UI:R/S:C /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 5.4 PR:L/ CVE-2023-48463 ( CWE-79 ) execution UI:R/S:C /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 5.4 PR:L/ CVE-2023-48464 ( CWE-79 ) execution UI:R/S:C /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 5.4 PR:L/ CVE-2023-48465 ( CWE-79 ) execution UI:R/S:C 
/C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 5.4 PR:L/ CVE-2023-48466 ( CWE-79 ) execution UI:R/S:C /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 4.6 PR:L/ CVE-2023-48467 ( CWE-79 ) execution UI:R/S:U /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 4.6 PR:L/ CVE-2023-48468 ( CWE-79 ) execution UI:R/S:U /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 4.6 PR:L/ CVE-2023-48469 ( CWE-79 ) execution UI:R/S:U /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 4.6 PR:L/ CVE-2023-48470 ( CWE-79 ) execution UI:R/S:U /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 5.4 PR:L/ CVE-2023-48471 ( CWE-79 ) execution UI:R/S:C /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 4.6 PR:L/ CVE-2023-48472 ( CWE-79 ) execution UI:R/S:U /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 4.6 PR:L/ CVE-2023-48473 ( CWE-79 ) execution UI:R/S:U /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 4.6 PR:L/ CVE-2023-48474 ( CWE-79 ) execution UI:R/S:U /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 5.4 PR:L/ CVE-2023-48475 ( CWE-79 ) execution UI:R/S:C /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 5.4 PR:L/ CVE-2023-48476 ( CWE-79 ) execution UI:R/S:C /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 5.4 PR:L/ CVE-2023-48477 ( CWE-79 ) execution UI:R/S:C /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 5.4 PR:L/ CVE-2023-48478 ( CWE-79 ) execution UI:R/S:C /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ 
Scripting Arbitrary AC:L/ (Stored XSS) code Important 5.4 PR:L/ CVE-2023-48479 ( CWE-79 ) execution UI:R/S:C /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 5.4 PR:L/ CVE-2023-48480 ( CWE-79 ) execution UI:R/S:C /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 5.4 PR:L/ CVE-2023-48481 ( CWE-79 ) execution UI:R/S:C /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 5.4 PR:L/ CVE-2023-48482 ( CWE-79 ) execution UI:R/S:C /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 5.4 PR:L/ CVE-2023-48483 ( CWE-79 ) execution UI:R/S:C /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 5.4 PR:L/ CVE-2023-48484 ( CWE-79 ) execution UI:R/S:C /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 5.4 PR:L/ CVE-2023-48485 ( CWE-79 ) execution UI:R/S:C /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 5.4 PR:L/ CVE-2023-48486 ( CWE-79 ) execution UI:R/S:C /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 5.4 PR:L/ CVE-2023-48487 ( CWE-79 ) execution UI:R/S:C /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 5.4 PR:L/ CVE-2023-48488 ( CWE-79 ) execution UI:R/S:C /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 5.4 PR:L/ CVE-2023-48489 ( CWE-79 ) execution UI:R/S:C /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 5.4 PR:L/ CVE-2023-48490 ( CWE-79 ) execution UI:R/S:C /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 5.4 PR:L/ CVE-2023-48491 ( CWE-79 ) execution UI:R/S:C /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code 
Important 5.4 PR:L/ CVE-2023-48492 ( CWE-79 ) execution UI:R/S:C /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 5.4 PR:L/ CVE-2023-48493 ( CWE-79 ) execution UI:R/S:C /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 5.4 PR:L/ CVE-2023-48494 ( CWE-79 ) execution UI:R/S:C /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 5.4 PR:L/ CVE-2023-48495 ( CWE-79 ) execution UI:R/S:C /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 5.4 PR:L/ CVE-2023-48496 ( CWE-79 ) execution UI:R/S:C /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 5.4 PR:L/ CVE-2023-48497 ( CWE-79 ) execution UI:R/S:C /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 5.4 PR:L/ CVE-2023-48498 ( CWE-79 ) execution UI:R/S:C /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 5.4 PR:L/ CVE-2023-48499 ( CWE-79 ) execution UI:R/S:C /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 5.4 PR:L/ CVE-2023-48500 ( CWE-79 ) execution UI:R/S:C /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 5.4 PR:L/ CVE-2023-48501 ( CWE-79 ) execution UI:R/S:C /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 5.4 PR:L/ CVE-2023-48502 ( CWE-79 ) execution UI:R/S:C /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 5.4 PR:L/ CVE-2023-48503 ( CWE-79 ) execution UI:R/S:C /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 5.4 PR:L/ CVE-2023-48504 ( CWE-79 ) execution UI:R/S:C /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 5.4 PR:L/ CVE-2023-48505 ( CWE-79 ) 
execution UI:R/S:C /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 5.4 PR:L/ CVE-2023-48506 ( CWE-79 ) execution UI:R/S:C /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 5.4 PR:L/ CVE-2023-48507 ( CWE-79 ) execution UI:R/S:C /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 5.4 PR:L/ CVE-2023-48508 ( CWE-79 ) execution UI:R/S:C /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 5.4 PR:L/ CVE-2023-48509 ( CWE-79 ) execution UI:R/S:C /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 5.4 PR:L/ CVE-2023-48510 ( CWE-79 ) execution UI:R/S:C /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 5.4 PR:L/ CVE-2023-48511 ( CWE-79 ) execution UI:R/S:C /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 5.4 PR:L/ CVE-2023-48512 ( CWE-79 ) execution UI:R/S:C /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 5.4 PR:L/ CVE-2023-48513 ( CWE-79 ) execution UI:R/S:C /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 5.4 PR:L/ CVE-2023-48514 ( CWE-79 ) execution UI:R/S:C /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 5.4 PR:L/ CVE-2023-48515 ( CWE-79 ) execution UI:R/S:C /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 5.4 PR:L/ CVE-2023-48516 ( CWE-79 ) execution UI:R/S:C /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 5.4 PR:L/ CVE-2023-48517 ( CWE-79 ) execution UI:R/S:C /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 5.4 PR:L/ CVE-2023-48518 ( CWE-79 ) execution UI:R/S:C /C:L/I:L /A:N CVSS:3.1 
Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 5.4 PR:L/ CVE-2023-48519 ( CWE-79 ) execution UI:R/S:C /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 5.4 PR:L/ CVE-2023-48520 ( CWE-79 ) execution UI:R/S:C /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 5.4 PR:L/ CVE-2023-48521 ( CWE-79 ) execution UI:R/S:C /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 5.4 PR:L/ CVE-2023-48522 ( CWE-79 ) execution UI:R/S:C /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 5.4 PR:L/ CVE-2023-48523 ( CWE-79 ) execution UI:R/S:C /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 5.4 PR:L/ CVE-2023-48524 ( CWE-79 ) execution UI:R/S:C /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 5.4 PR:L/ CVE-2023-48525 ( CWE-79 ) execution UI:R/S:C /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 6.1 PR:N/ CVE-2023-48526 ( CWE-79 ) execution UI:R/S:C /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 5.4 PR:L/ CVE-2023-48527 ( CWE-79 ) execution UI:R/S:C /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 5.4 PR:L/ CVE-2023-48528 ( CWE-79 ) execution UI:R/S:C /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 5.4 PR:L/ CVE-2023-48529 ( CWE-79 ) execution UI:R/S:C /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 5.4 PR:L/ CVE-2023-48530 ( CWE-79 ) execution UI:R/S:C /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 5.4 PR:L/ CVE-2023-48531 ( CWE-79 ) execution UI:R/S:C /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ 
(Stored XSS) code Important 5.4 PR:L/ CVE-2023-48532 ( CWE-79 ) execution UI:R/S:C /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 5.4 PR:L/ CVE-2023-48533 ( CWE-79 ) execution UI:R/S:C /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 5.4 PR:L/ CVE-2023-48534 ( CWE-79 ) execution UI:R/S:C /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 5.4 PR:L/ CVE-2023-48535 ( CWE-79 ) execution UI:R/S:C /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 5.4 PR:L/ CVE-2023-48536 ( CWE-79 ) execution UI:R/S:C /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 4.8 PR:H/ CVE-2023-48537 ( CWE-79 ) execution UI:R/S:C /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 5.4 PR:L/ CVE-2023-48538 ( CWE-79 ) execution UI:R/S:C /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 5.4 PR:L/ CVE-2023-48539 ( CWE-79 ) execution UI:R/S:C /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 5.4 PR:L/ CVE-2023-48540 ( CWE-79 ) execution UI:R/S:C /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 5.4 PR:L/ CVE-2023-48541 ( CWE-79 ) execution UI:R/S:C /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 5.4 PR:L/ CVE-2023-48542 ( CWE-79 ) execution UI:R/S:C /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 5.4 PR:L/ CVE-2023-48543 ( CWE-79 ) execution UI:R/S:C /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 5.4 PR:L/ CVE-2023-48544 ( CWE-79 ) execution UI:R/S:C /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 5.4 PR:L/ 
CVE-2023-48545 ( CWE-79 ) execution UI:R/S:C /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 5.4 PR:L/ CVE-2023-48546 ( CWE-79 ) execution UI:R/S:C /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 5.4 PR:L/ CVE-2023-48547 ( CWE-79 ) execution UI:R/S:C /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 4.1 PR:L/ CVE-2023-48548 ( CWE-79 ) execution UI:R/S:C /C:L/I:N /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 5.4 PR:L/ CVE-2023-48549 ( CWE-79 ) execution UI:R/S:C /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 5.4 PR:L/ CVE-2023-48550 ( CWE-79 ) execution UI:R/S:C /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 5.4 PR:L/ CVE-2023-48551 ( CWE-79 ) execution UI:R/S:C /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 5.4 PR:L/ CVE-2023-48552 ( CWE-79 ) execution UI:R/S:C /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 5.4 PR:L/ CVE-2023-48553 ( CWE-79 ) execution UI:R/S:C /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 5.4 PR:L/ CVE-2023-48554 ( CWE-79 ) execution UI:R/S:C /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 5.4 PR:L/ CVE-2023-48555 ( CWE-79 ) execution UI:R/S:C /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 5.4 PR:L/ CVE-2023-48556 ( CWE-79 ) execution UI:R/S:C /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 5.4 PR:L/ CVE-2023-48557 ( CWE-79 ) execution UI:R/S:C /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 5.4 PR:L/ CVE-2023-48558 ( CWE-79 ) execution UI:R/S:C 
/C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 5.4 PR:L/ CVE-2023-48559 ( CWE-79 ) execution UI:R/S:C /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 5.4 PR:L/ CVE-2023-48560 ( CWE-79 ) execution UI:R/S:C /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 5.4 PR:L/ CVE-2023-48561 ( CWE-79 ) execution UI:R/S:C /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 5.4 PR:L/ CVE-2023-48562 ( CWE-79 ) execution UI:R/S:C /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 6.1 PR:N/ CVE-2023-48563 ( CWE-79 ) execution UI:R/S:C /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 6.1 PR:N/ CVE-2023-48564 ( CWE-79 ) execution UI:R/S:C /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 5.4 PR:L/ CVE-2023-48565 ( CWE-79 ) execution UI:R/S:C /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 5.4 PR:L/ CVE-2023-48566 ( CWE-79 ) execution UI:R/S:C /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 5.4 PR:L/ CVE-2023-48567 ( CWE-79 ) execution UI:R/S:C /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 5.4 PR:L/ CVE-2023-48568 ( CWE-79 ) execution UI:R/S:C /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 5.4 PR:L/ CVE-2023-48569 ( CWE-79 ) execution UI:R/S:C /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 5.4 PR:L/ CVE-2023-48570 ( CWE-79 ) execution UI:R/S:C /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 5.4 PR:L/ CVE-2023-48571 ( CWE-79 ) execution UI:R/S:C /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ 
Scripting Arbitrary AC:L/ (Stored XSS) code Important 4.1 PR:L/ CVE-2023-48572 ( CWE-79 ) execution UI:R/S:C /C:L/I:N /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 4.1 PR:L/ CVE-2023-48573 ( CWE-79 ) execution UI:R/S:C /C:L/I:N /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 4.1 PR:L/ CVE-2023-48574 ( CWE-79 ) execution UI:R/S:C /C:L/I:N /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 5.4 PR:L/ CVE-2023-48575 ( CWE-79 ) execution UI:R/S:C /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 4.8 PR:H/ CVE-2023-48576 ( CWE-79 ) execution UI:R/S:C /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 5.4 PR:L/ CVE-2023-48577 ( CWE-79 ) execution UI:R/S:C /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 5.4 PR:L/ CVE-2023-48578 ( CWE-79 ) execution UI:R/S:C /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 4.8 PR:H/ CVE-2023-48579 ( CWE-79 ) execution UI:R/S:C /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 5.4 PR:L/ CVE-2023-48580 ( CWE-79 ) execution UI:R/S:C /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 5.4 PR:L/ CVE-2023-48581 ( CWE-79 ) execution UI:R/S:C /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 4.5 PR:H/ CVE-2023-48582 ( CWE-79 ) execution UI:R/S:U /C:H/I:N /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 5.4 PR:L/ CVE-2023-48583 ( CWE-79 ) execution UI:R/S:C /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 4.8 PR:H/ CVE-2023-48584 ( CWE-79 ) execution UI:R/S:C /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code 
Important 5.4 PR:L/ CVE-2023-48585 ( CWE-79 ) execution UI:R/S:C /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 5.4 PR:L/ CVE-2023-48586 ( CWE-79 ) execution UI:R/S:C /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 5.4 PR:L/ CVE-2023-48587 ( CWE-79 ) execution UI:R/S:C /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 5.4 PR:L/ CVE-2023-48588 ( CWE-79 ) execution UI:R/S:C /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 5.4 PR:L/ CVE-2023-48589 ( CWE-79 ) execution UI:R/S:C /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 5.4 PR:L/ CVE-2023-48590 ( CWE-79 ) execution UI:R/S:C /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 5.4 PR:L/ CVE-2023-48591 ( CWE-79 ) execution UI:R/S:C /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 5.4 PR:L/ CVE-2023-48592 ( CWE-79 ) execution UI:R/S:C /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 5.4 PR:L/ CVE-2023-48593 ( CWE-79 ) execution UI:R/S:C /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 5.4 PR:L/ CVE-2023-48594 ( CWE-79 ) execution UI:R/S:C /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 5.4 PR:L/ CVE-2023-48595 ( CWE-79 ) execution UI:R/S:C /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 5.4 PR:L/ CVE-2023-48596 ( CWE-79 ) execution UI:R/S:C /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 5.4 PR:L/ CVE-2023-48597 ( CWE-79 ) execution UI:R/S:C /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 5.4 PR:L/ CVE-2023-48598 ( CWE-79 ) 
execution UI:R/S:C /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 5.4 PR:L/ CVE-2023-48599 ( CWE-79 ) execution UI:R/S:C /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 5.4 PR:L/ CVE-2023-48600 ( CWE-79 ) execution UI:R/S:C /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 5.4 PR:L/ CVE-2023-48601 ( CWE-79 ) execution UI:R/S:C /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 5.4 PR:L/ CVE-2023-48602 ( CWE-79 ) execution UI:R/S:C /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 5.4 PR:L/ CVE-2023-48603 ( CWE-79 ) execution UI:R/S:C /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 5.4 PR:L/ CVE-2023-48604 ( CWE-79 ) execution UI:R/S:C /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 5.4 PR:L/ CVE-2023-48605 ( CWE-79 ) execution UI:R/S:C /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 5.4 PR:L/ CVE-2023-48606 ( CWE-79 ) execution UI:R/S:C /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 5.4 PR:L/ CVE-2023-48607 ( CWE-79 ) execution UI:R/S:C /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:H/ (Stored XSS) code Moderate 3.1 PR:L/ CVE-2023-48608 ( CWE-79 ) execution UI:N/S:U /C:N/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 5.4 PR:L/ CVE-2023-48609 ( CWE-79 ) execution UI:R/S:C /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 5.4 PR:L/ CVE-2023-48610 ( CWE-79 ) execution UI:R/S:C /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 5.4 PR:L/ CVE-2023-48611 ( CWE-79 ) execution UI:R/S:C /C:L/I:L /A:N CVSS:3.1 
Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 5.4 PR:L/ CVE-2023-48612 ( CWE-79 ) execution UI:R/S:C /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 5.4 PR:L/ CVE-2023-48613 ( CWE-79 ) execution UI:R/S:C /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 5.4 PR:L/ CVE-2023-48614 ( CWE-79 ) execution UI:R/S:C /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 5.4 PR:L/ CVE-2023-48615 ( CWE-79 ) execution UI:R/S:C /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 5.4 PR:L/ CVE-2023-48616 ( CWE-79 ) execution UI:R/S:C /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 5.4 PR:L/ CVE-2023-48617 ( CWE-79 ) execution UI:R/S:C /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 5.4 PR:L/ CVE-2023-48618 ( CWE-79 ) execution UI:R/S:C /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 5.4 PR:L/ CVE-2023-48619 ( CWE-79 ) execution UI:R/S:C /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 5.4 PR:L/ CVE-2023-48620 ( CWE-79 ) execution UI:R/S:C /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 5.4 PR:L/ CVE-2023-48621 ( CWE-79 ) execution UI:R/S:C /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 5.4 PR:L/ CVE-2023-48622 ( CWE-79 ) execution UI:R/S:C /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 5.4 PR:L/ CVE-2023-48623 ( CWE-79 ) execution UI:R/S:C /C:L/I:L /A:N CVSS:3.1 Cross-site /AV:N/ Scripting Arbitrary AC:L/ (Stored XSS) code Important 5.4 PR:L/ CVE-2023-48624 ( CWE-79 ) execution UI:R/S:C /C:L/I:L /A:N Note: If a customer is using Apache httpd in a proxy with 
a non-default configuration, they may be impacted by CVE-2023-25690 - please read more here: https://httpd.apache.org/security/vulnerabilities_24.html

Acknowledgments

Adobe would like to thank the following for reporting these issues and for working with Adobe to help protect our customers:

  o Lorenzo Pirondini -- CVE-2023-48442, CVE-2023-48444, CVE-2023-48445, CVE-2023-48446, CVE-2023-48449, CVE-2023-48450, CVE-2023-48451, CVE-2023-48452, CVE-2023-48453, CVE-2023-48454, CVE-2023-48456, CVE-2023-48457, CVE-2023-48458, CVE-2023-48459, CVE-2023-48460, CVE-2023-48461, CVE-2023-48462, CVE-2023-48463, CVE-2023-48464, CVE-2023-48465, CVE-2023-48466, CVE-2023-48467, CVE-2023-48468, CVE-2023-48469, CVE-2023-48470, CVE-2023-4847, CVE-2023-48472, CVE-2023-48473, CVE-2023-48474, CVE-2023-48475, CVE-2023-48476, CVE-2023-48477, CVE-2023-48478, CVE-2023-48479, CVE-2023-48480, CVE-2023-48481, CVE-2023-48482, CVE-2023-48483, CVE-2023-48484, CVE-2023-48485, CVE-2023-48486, CVE-2023-48487, CVE-2023-48488, CVE-2023-48489, CVE-2023-48490, CVE-2023-48491, CVE-2023-48492, CVE-2023-48493, CVE-2023-48494, CVE-2023-48495, CVE-2023-48496, CVE-2023-48502, CVE-2023-48503, CVE-2023-48505, CVE-2023-48506, CVE-2023-48507, CVE-2023-48508, CVE-2023-48509, CVE-2023-48510, CVE-2023-48511, CVE-2023-48514, CVE-2023-48516, CVE-2023-48517, CVE-2023-48518, CVE-2023-48519, CVE-2023-48520, CVE-2023-48521, CVE-2023-48522, CVE-2023-48523, CVE-2023-48524, CVE-2023-48525, CVE-2023-48527, CVE-2023-48528, CVE-2023-48529, CVE-2023-48530, CVE-2023-48531, CVE-2023-48532, CVE-2023-48535, CVE-2023-48536, CVE-2023-48538, CVE-2023-48539, CVE-2023-48540, CVE-2023-48541, CVE-2023-48542, CVE-2023-48543, CVE-2023-48544, CVE-2023-48545, CVE-2023-48546, CVE-2023-48547, CVE-2023-48548, CVE-2023-48549, CVE-2023-48550, CVE-2023-48551, CVE-2023-48552, CVE-2023-48553, CVE-2023-48554, CVE-2023-48555, CVE-2023-48556, CVE-2023-48557, CVE-2023-48558, CVE-2023-48565, CVE-2023-48566, CVE-2023-48567, CVE-2023-48568, CVE-2023-48569, CVE-2023-48570, CVE-2023-48571, CVE-2023-48577, CVE-2023-48578, CVE-2023-48583, CVE-2023-48585, CVE-2023-48586, CVE-2023-48587, CVE-2023-48588, CVE-2023-48589, CVE-2023-48590, CVE-2023-48591, CVE-2023-48598, CVE-2023-48599, CVE-2023-48602, CVE-2023-48603, CVE-2023-48604, CVE-2023-48605, CVE-2023-48606, CVE-2023-48607, CVE-2023-48609, CVE-2023-48610, CVE-2023-48611, CVE-2023-48612, CVE-2023-48613, CVE-2023-48614, CVE-2023-48615, CVE-2023-48616, CVE-2023-48617, CVE-2023-48618, CVE-2023-48619

  o Jim Green (green-jam) -- CVE-2023-48441, CVE-2023-48443, CVE-2023-48447, CVE-2023-48448, CVE-2023-48455, CVE-2023-48497, CVE-2023-48498, CVE-2023-48499, CVE-2023-48500, CVE-2023-48501, CVE-2023-48504, CVE-2023-48526, CVE-2023-48548, CVE-2023-48559, CVE-2023-48560, CVE-2023-48561, CVE-2023-48562, CVE-2023-48563, CVE-2023-48564, CVE-2023-48592, CVE-2023-48593, CVE-2023-48594, CVE-2023-48595, CVE-2023-48596, CVE-2023-48597, CVE-2023-48600, CVE-2023-48601, CVE-2023-48620, CVE-2023-48621, CVE-2023-48622, CVE-2023-48623, CVE-2023-48624

  o Akshay Sharma (anonymous_blackzero) -- CVE-2023-48440, CVE-2023-48512, CVE-2023-48513, CVE-2023-48515, CVE-2023-48533, CVE-2023-48534, CVE-2023-48537, CVE-2023-48572, CVE-2023-48573, CVE-2023-48574, CVE-2023-48575, CVE-2023-48576, CVE-2023-48579, CVE-2023-48580, CVE-2023-48581, CVE-2023-48582, CVE-2023-48584, CVE-2023-48608

NOTE: Adobe has a private, invite-only, bug bounty program with HackerOne. If you are interested in working with Adobe as an external security researcher, please fill out this form for next steps.

_________________________________________________________________________________

For more information, visit https://helpx.adobe.com/security.html , or email PSIRT@adobe.com.

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's registration with AusCERT.
The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin.

NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.