The vulnerabilities could lead to a cross-site scripting attack in ColdFusion Remote Development Services and in custom tags used to develop dynamic forms, Adobe advised.
“Adobe categorizes this as an important update and recommends that users apply the latest update for their product installation”, the company said in announcing the fix.
The company stressed that it was not aware of any exploits in the wild for the issues addressed in this update.
Adobe acknowledged the help of Shawn Gorrell and Howard Fore of the Federal Reserve Bank of Atlanta and Oren Hafif of Hacktics (Ernst & Young) in reporting and patching the vulnerabilities.