CVE-2008-4818

2008-11-1014:12:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2008-4818

cross-site scripting

xss

adobe flash player

remote code injection

http response headers

5.4 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.007 Low

EPSS

Percentile

80.3%

JSON

Cross-site scripting (XSS) vulnerability in Adobe Flash Player 9.0.124.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving HTTP response headers.

CPENameOperatorVersion
adobe:flash_playeradobe flash playereq9.0.16
adobe:flash_playeradobe flash playereq9.0.48.0
adobe:flash_playeradobe flash playerle9.0.124.0
adobe:flash_playeradobe flash playereq9.0.18d60
adobe:flash_playeradobe flash playereq9.0.47.0
adobe:flash_playeradobe flash playereq9.0.28.0
adobe:flash_playeradobe flash playereq9.0.114.0
adobe:flash_playeradobe flash playereq9.0.20.0
adobe:flash_playeradobe flash playereq9.0.31.0
adobe:flash_playeradobe flash playereq9.0.112.0

CPE	Name	Operator	Version
adobe:flash_player	adobe flash player	eq	9.0.16
adobe:flash_player	adobe flash player	eq	9.0.48.0
adobe:flash_player	adobe flash player	le	9.0.124.0
adobe:flash_player	adobe flash player	eq	9.0.18d60
adobe:flash_player	adobe flash player	eq	9.0.47.0
adobe:flash_player	adobe flash player	eq	9.0.28.0
adobe:flash_player	adobe flash player	eq	9.0.114.0
adobe:flash_player	adobe flash player	eq	9.0.20.0
adobe:flash_player	adobe flash player	eq	9.0.31.0
adobe:flash_player	adobe flash player	eq	9.0.112.0