2 results (0.016 seconds)

CVSS: 4.3EPSS: 3%CPEs: 14EXPL: 2

Cross-site scripting (XSS) vulnerability in the Adobe Flex SDK 3.x and 4.x before 4.6 allows remote attackers to inject arbitrary web script or HTML via vectors related to the loading of modules from different domains. vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en Adobe Flex SDK v3.x y v4.x anteriores a v4.6, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores relacionados con la carga de módulos desde distintos dominios. • https://github.com/u-maxx/magento-swf-patched-CVE-2011-2461 http://blog.mindedsecurity.com/2015/03/the-old-is-new-again-cve-2011-2461-is.html http://blog.nibblesec.org/2015/03/the-old-is-new-again-cve-2011-2461-is.html http://kb2.adobe.com/cps/915/cpsid_91544.html http://packetstormsecurity.com/files/131376/Magento-eCommerce-Vulnerable-Adobe-Flex-SDK.html http://secunia.com/advisories/47053 http://www.adobe.com/support/security/bulletins/apsb11-25.html https://threatpost. • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 2.6EPSS: 0%CPEs: 1EXPL: 2

Cross-site scripting (XSS) vulnerability in index.template.html in the express-install templates in the SDK in Adobe Flex before 3.4, when the installed Flash version is older than a specified requiredMajorVersion value, allows remote attackers to inject arbitrary web script or HTML via the query string. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en index.template.html en las plantillas express-install en el SDK de Adobe Flex en versiones anteriores a la 3.4, cuando la versión de Flash instalada es anterior a la especificada en el valor requiredMajorVersion, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección mediante la cadena de petición. • https://www.exploit-db.com/exploits/33180 http://secunia.com/advisories/36374 http://securitytracker.com/id?1022748 http://www.adobe.com/support/security/bulletins/apsb09-13.html http://www.gdssecurity.com/l/b/2009/08/20/adobe-flex-3-3-sdk-dom-based-xss http://www.securityfocus.com/archive/1/505948/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/52608 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •