Cross-site scripting (XSS) vulnerability in the Adobe Flex SDK 3.x and 4.x prior to 4.6 allows remote malicious users to inject arbitrary web script or HTML via vectors related to the loading of modules from different domains.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
adobe flex sdk 3.0 |
||
adobe flex sdk 3.5a |
||
adobe flex sdk 3.6 |
||
adobe flex sdk 3.0.1 |
||
adobe flex sdk 3.1 |
||
adobe flex sdk 3.2 |
||
adobe flex sdk 4.0 |
||
adobe flex sdk 4.1 |
||
adobe flex sdk 3.4.1 |
||
adobe flex sdk 3.5 |
||
adobe flex sdk 3.3 |
||
adobe flex sdk 3.4 |
||
adobe flex sdk 4.5 |
||
adobe flex sdk 4.5.1 |
You had one job, Adobe, one job ...
Hackers Luca Carettoni and Mauro Gentile found a badly-applied four-year-old Adobe patch allows attackers to steal information and commandeer accounts for three of the world's top ten websites and 'many' others. The LinkedIn and Minded Security researchers say the indirect Same-Origin-Policy Request Forgery and Cross-Site Request Forgery bypasses relates to a failed patch (CVE-2011-2461) issued in 2011. It is intended to fix Adobe Shockwave files that are vulnerable when built through the compan...