New Search

Multiple vulnerabilities on Adobe InDesign 16.0 and earlier versions

oval:org.cisecurity:def:8778

Out-of-bounds write that could lead to arbitrary code execution. (CVE-2021-21098 CVE-2021-21099) ACS Commons version 4.9.2 (and earlier) suffers from a Reflected Cross-site Scripting (XSS) vulnerability in version-compare and page-compare due to invalid JCR characters that are not handled correctly. An attacker could potentially exploit this vulnerability to inject malicious JavaScript content into vulnerable form fields and execute it within the context of the victim's browser. Exploitation of this issue requires user interaction in order to be successful. (CVE-2021-21043)

Family:
windows
Status:
ACCEPTED
Platform(s):
  • Microsoft Windows Server 2008 R2
  • Microsoft Windows Server 2012
  • Microsoft Windows Server 2008
  • Microsoft Windows Server 2003
  • Microsoft Windows 8
  • Microsoft Windows 7
  • Microsoft Windows Server 2012 R2
  • Microsoft Windows 8.1
  • Microsoft Windows 10
Class:
vulnerability
Reference(s):
  • APSB21-22
  • CVE-2021-21098
  • CVE-2021-21099
  • CVE-2021-21043
Product(s):
  • Adobe InDesign