Cross-Site Scripting Vulnerability in Adobe Flex SDK
CVE-2009-1879

Currently unrated

Key Information:

Vendor: Adobe
Status: Flex Sdk
Vendor: CVE Published:; 21 August 2009

Summary

This vulnerability allows remote attackers to exploit a cross-site scripting (XSS) flaw in the index.template.html of the Adobe Flex SDK express-install templates. If the installed Flash version is older than a specified major version, attackers can inject arbitrary web scripts or HTML through the query string, leading to potential unauthorized actions on behalf of users interacting with affected applications. This presents a significant security risk as it can allow attackers to manipulate web page content and execute malicious scripts in the context of the victim's browser.

References

http://securitytracker.com/id?1022748

vdb-entryx_refsource_SECTRACK

http://www.adobe.com/support/security/bulletins/apsb09-13...

x_refsource_CONFIRM

http://www.gdssecurity.com/l/b/2009/08/20/adobe-flex-3-3-...

x_refsource_MISC

EPSS Score

9% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Aug 21, 2009
Vulnerability Reserved
Jun 1, 2009