CVSS: 6.1EPSS: 10%CPEs: 14EXPL: 4CVE-2011-2461 – Magento eCommerce Vulnerable Adobe Flex SDK
https://notcve.org/view.php?id=CVE-2011-2461
01 Dec 2011 — Cross-site scripting (XSS) vulnerability in the Adobe Flex SDK 3.x and 4.x before 4.6 allows remote attackers to inject arbitrary web script or HTML via vectors related to the loading of modules from different domains. vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en Adobe Flex SDK v3.x y v4.x anteriores a v4.6, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores relacionados con la carga de módulos desde distintos dominios. Magento eC... • https://github.com/u-maxx/magento-swf-patched-CVE-2011-2461 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 9%CPEs: 1EXPL: 2CVE-2009-1879 – Adobe Flex SDK 3.x - 'index.template.html' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2009-1879
21 Aug 2009 — Cross-site scripting (XSS) vulnerability in index.template.html in the express-install templates in the SDK in Adobe Flex before 3.4, when the installed Flash version is older than a specified requiredMajorVersion value, allows remote attackers to inject arbitrary web script or HTML via the query string. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en index.template.html en las plantillas express-install en el SDK de Adobe Flex en versiones anteriores a la 3.4, cuando la versión de Flas... • https://www.exploit-db.com/exploits/33180 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •