Five critical cross-site scripting flaws were fixed by Adobe in Experience Manager as part of its regularly scheduled patches. Adobe also fixed flaws in Adobe Media Encoder and InDesign. The flaws could allow attackers to execute JavaScript in targets browsers. Adobe issued patches for the flaws in version 2019.0.6 and 2019.7 for Windows. The update was given a priority 3, meaning it resolves vulnerabilities in a product that has historically been at elevated risk but for which there is no known exploits.
Source: https://threatpost.com/critical-adobe-flaws-attackers-javascript-browsers/159026/