Multiple XSS Vulnerabilities in Adobe Flex 3 and Flex Builder
CVE-2008-2640

Currently unrated

Key Information:

Vendor: Adobe
Status: Flex Builder; Flex
Vendor: CVE Published:; 18 June 2008

Summary

The Flex 3 History Management feature in Adobe Flex 3.0.1 SDK and Flex Builder 3 contains multiple XSS vulnerabilities that enable attackers to inject arbitrary web scripts or HTML into client-side applications. Exploitation occurs through specific files within the templates directory, including client-side-detection-with-history/history/historyFrame.html, express-installation-with-history/history/historyFrame.html, and no-player-detection-with-history/history/historyFrame.html. Although some browsers, such as Firefox 2.0, may mitigate the risk of exploitation, this vulnerability remains a significant concern for developers and users relying on these products for web application functionality.

References

http://www.adobe.com/support/security/bulletins/apsb08-14...

x_refsource_CONFIRM

http://securitytracker.com/id?1020301

vdb-entryx_refsource_SECTRACK

https://exchange.xforce.ibmcloud.com/vulnerabilities/43150

vdb-entryx_refsource_XF

Timeline

Vulnerability published
Jun 18, 2008
Vulnerability Reserved
Jun 9, 2008