[email protected]CVE-2008-6062

HistoryFeb 05, 2009 - 1:30 a.m.

CVE-2008-6062

2009-02-0501:30:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2008-6062

cross-site scripting

xss

adobe dreamweaver

swf

flash

cve-2007-6242

cve-2007-6244

cve-2007-6637

nvd

5.4 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.004 Low

EPSS

Percentile

73.1%

JSON

Cross-site scripting (XSS) vulnerability in ActionScript in arbitrary Shockwave Flash (SWF) files created by Adobe Dreamweaver, when the Insert Flash Video feature is used, allows remote attackers to inject arbitrary web script or HTML via an asfunction: URI in the skinName parameter. NOTE: this may overlap CVE-2007-6242, CVE-2007-6244, or CVE-2007-6637.

CPENameOperatorVersion
adobe:dreamweaveradobe dreamweavereq*

CPE	Name	Operator	Version
adobe:dreamweaver	adobe dreamweaver	eq	*

References

docs.google.com/View?docid=ajfxntc4dmsq_14dt57ssdw

www.adobe.com/support/security/bulletins/apsb07-20.html

www.kb.cert.org/vuls/id/249337

www.securityfocus.com/archive/1/485722/100/100/threaded

5.4 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.004 Low

EPSS

Percentile

73.1%

JSON

Related for CVE-2008-6062

prion4 securityvulns4 cve3 ubuntucve2 checkpoint_advisories2 seebug3 cert1 zdi1 openvas13 nessus11 redhat2 suse2 gentoo2 freebsd1