Adobe has released its third security update of the month with a fresh round of patches to resolve bugs in Adobe Experience Manager and Adobe Experience Manager Forms.
On Tuesday, the software giant published a security advisory which detailed two vulnerabilities, deemed 'moderate' and 'important,' which have now been resolved in the main content management solution, alongside a single security flaw in Adobe Experience Manager Forms, a digital forms creator within the main suite.
The first vulnerability, CVE-2018-19726, is a stored cross-site scripting vulnerability and impacts Adobe Experience Manager versions 6.0, 6.1, 6.2, 6.3, and 6.4 on all platforms.
The second security flaw, CVE-2018-19727, is a reflected cross-site scripting vulnerability which only affects Adobe Experience Manager versions 6.3 and 6.4.
The vulnerability impacting Adobe Experience Manager Forms is CVE-2018-19724, a stored cross-site scripting bug, deemed 'important,' which can lead to sensitive information disclosure if exploited. Adobe Experience Manager Forms versions 6.2, 6.3, and 6.4 on all platforms are affected.
Adobe recommends that users accept updates to their software builds immediately to mitigate the risk of exploit.
This is the third release this month by Adobe to resolve security vulnerabilities in the firm's software. In the first release of January, Adobe patched critical bugs in Adobe Acrobat and Reader which, if exploited, could lead to privilege escalation and the execution of arbitrary code (CVE-2018-19725, CVE-2018-16011).
The second security update centered around Adobe Connect and Digital Editions. This round of patches fixed two vulnerabilities, CVE-2018-19718, and CVE-2018-12817, which have the potential to expose session tokens and leak sensitive information.
In related news this month, security researchers released three micropatches for a set of Windows zero-day vulnerabilities of which exploit code has been released online. Microsoft is yet to patch the bugs.