Cross-Site Scripting Vulnerability in Adobe Document Server for Reader Extensions
CVE-2006-1785

Currently unrated

Key Information:

Vendor: Adobe
Status: Document Server
Vendor: CVE Published:; 13 April 2006

Summary

A vulnerability exists in Adobe Document Server for Reader Extensions 6.0 that allows remote authenticated users to execute arbitrary web scripts. This exploit occurs through the manipulation of the ReaderURL variable in the 'Update Download Site' section, where the inclusion of specific FTP or HTTP URIs can lead to cross-site scripting attacks. Although exploiting this vulnerability requires administrative privileges, the potential for malicious exploitation raises significant security concerns.

References

http://www.securityfocus.com/archive/1/430869/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://www.osvdb.org/24588

vdb-entryx_refsource_OSVDB

http://www.adobe.com/support/techdocs/322699.html

x_refsource_MISC

Timeline

Vulnerability published
Apr 13, 2006
Vulnerability Reserved
Apr 13, 2006