CVE-2008-2640

Sažetak

Multiple cross-site scripting (XSS) vulnerabilities in the Flex 3 History Management feature in Adobe Flex 3.0.1 SDK and Flex Builder 3, and generated applications, allow remote attackers to inject arbitrary web script or HTML via the anchor identifier to (1) client-side-detection-with-history/history/historyFrame.html, (2) express-installation-with-history/history/historyFrame.html, or (3) no-player-detection-with-history/history/historyFrame.html in templates/html-templates/. NOTE: Firefox 2.0 and possibly other browsers prevent exploitation.

Reference

http://blog.watchfire.com/wfblog/2008/06/javascript-code.html
http://secunia.com/advisories/30746
http://securitytracker.com/id?1020301
http://www.adobe.com/support/security/bulletins/apsb08-14.html
http://www.securityfocus.com/bid/29778
http://www.vupen.com/english/advisories/2008/1862
https://exchange.xforce.ibmcloud.com/vulnerabilities/43150

CVSS

Base:	4.3
Impact:	2.9
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:M/Au:N/C:N/I:P/A:N

Zadnje važnije ažuriranje

08-08-2017 - 01:31

Objavljeno

18-06-2008 - 19:41