CVE-2008-4823

2008-11-1014:12:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2008-4823

cross-site scripting

xss

adobe flash player

security vulnerability

actionscript

5.4 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.006 Low

EPSS

Percentile

78.2%

JSON

Cross-site scripting (XSS) vulnerability in Adobe Flash Player 9.0.124.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors related to loose interpretation of an ActionScript attribute.

CPENameOperatorVersion
adobe:flash_playeradobe flash playereq9.0.16
adobe:flash_playeradobe flash playereq9.0.48.0
adobe:flash_playeradobe flash playerle9.0.124.0
adobe:flash_playeradobe flash playereq9.0.18d60
adobe:flash_playeradobe flash playereq9.0.47.0
adobe:flash_playeradobe flash playereq9.0.28.0
adobe:flash_playeradobe flash playereq9.0.114.0
adobe:flash_playeradobe flash playereq9.0.20.0
adobe:flash_playeradobe flash playereq9.0.31.0
adobe:flash_playeradobe flash playereq9.0.112.0

CPE	Name	Operator	Version
adobe:flash_player	adobe flash player	eq	9.0.16
adobe:flash_player	adobe flash player	eq	9.0.48.0
adobe:flash_player	adobe flash player	le	9.0.124.0
adobe:flash_player	adobe flash player	eq	9.0.18d60
adobe:flash_player	adobe flash player	eq	9.0.47.0
adobe:flash_player	adobe flash player	eq	9.0.28.0
adobe:flash_player	adobe flash player	eq	9.0.114.0
adobe:flash_player	adobe flash player	eq	9.0.20.0
adobe:flash_player	adobe flash player	eq	9.0.31.0
adobe:flash_player	adobe flash player	eq	9.0.112.0