Cross-Site Scripting Vulnerability in Adobe Flex SDK by Adobe
CVE-2011-2461

Currently unrated

Key Information:

Vendor
Adobe
Status
Flex Sdk
Vendor
CVE Published:
1 December 2011

Badges

👾 Exploit Exists🟡 Public PoC🟣 EPSS 10%

Summary

The Adobe Flex SDK versions 3.x and 4.x prior to 4.6 are susceptible to a cross-site scripting (XSS) vulnerability. This flaw allows remote attackers to inject arbitrary web scripts or HTML through specific vectors that involve loading modules from different domains. Exploitation of this vulnerability can lead to unauthorized actions being performed on behalf of users, highlighting the importance of maintaining secure coding practices and regular updates to mitigate potential threats.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

ParrotNG
Created by ikkisoft

magento-swf-patched-CVE-2011-2461
Created by u-maxx

CVE-2011-2461_Magento_Patch
Created by edmondscommerce

References

https://threatpost.com/adobe-cve-2011-2461-remains-exploi...
x_refsource_MISC
http://www.adobe.com/support/security/bulletins/apsb11-25...
x_refsource_CONFIRM
http://packetstormsecurity.com/files/131376/Magento-eComm...
x_refsource_MISC

EPSS Score

10% chance of being exploited in the next 30 days.

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

.