Cross-site Scripting Vulnerability in Adobe Dreamweaver's Insert Flash Video Feature
CVE-2008-6062

Currently unrated

Key Information:

Vendor: Adobe
Status: Dreamweaver
Vendor: CVE Published:; 5 February 2009

Summary

A cross-site scripting vulnerability exists within Shockwave Flash (SWF) files created by Adobe Dreamweaver. This issue arises when utilizing the Insert Flash Video feature, allowing remote attackers to inject arbitrary web scripts or HTML through the skinName parameter via an asfunction: URI. This vulnerability poses a significant risk as it can compromise the security of the web application, potentially leading to unauthorized actions or data exposure.

References

http://docs.google.com/View?docid=ajfxntc4dmsq_14dt57ssdw

x_refsource_MISC

http://www.adobe.com/support/security/bulletins/apsb07-20...

x_refsource_MISC

http://www.kb.cert.org/vuls/id/249337

third-party-advisoryx_refsource_CERT-VN

Timeline

Vulnerability published
Feb 5, 2009
Vulnerability Reserved
Feb 4, 2009