CVSS: 4.3EPSS: 3%CPEs: 14EXPL: 2CVE-2011-2461
https://notcve.org/view.php?id=CVE-2011-2461
Cross-site scripting (XSS) vulnerability in the Adobe Flex SDK 3.x and 4.x before 4.6 allows remote attackers to inject arbitrary web script or HTML via vectors related to the loading of modules from different domains. vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en Adobe Flex SDK v3.x y v4.x anteriores a v4.6, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores relacionados con la carga de módulos desde distintos dominios. • https://github.com/u-maxx/magento-swf-patched-CVE-2011-2461 http://blog.mindedsecurity.com/2015/03/the-old-is-new-again-cve-2011-2461-is.html http://blog.nibblesec.org/2015/03/the-old-is-new-again-cve-2011-2461-is.html http://kb2.adobe.com/cps/915/cpsid_91544.html http://packetstormsecurity.com/files/131376/Magento-eCommerce-Vulnerable-Adobe-Flex-SDK.html http://secunia.com/advisories/47053 http://www.adobe.com/support/security/bulletins/apsb11-25.html https://threatpost. • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •