Lucene search

PRIOn knowledge basePRION:CVE-2008-2640

HistoryJun 18, 2008 - 7:41 p.m.

Cross site scripting

2008-06-1819:41:00

PRIOn knowledge base

www.prio-n.com

6 Medium

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

72.5%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in the Flex 3 History Management feature in Adobe Flex 3.0.1 SDK and Flex Builder 3, and generated applications, allow remote attackers to inject arbitrary web script or HTML via the anchor identifier to (1) client-side-detection-with-history/history/historyFrame.html, (2) express-installation-with-history/history/historyFrame.html, or (3) no-player-detection-with-history/history/historyFrame.html in templates/html-templates/. NOTE: Firefox 2.0 and possibly other browsers prevent exploitation.

CPENameOperatorVersion
flexeq3.0.1 sdk
flex_buildereq3

CPE	Name	Operator	Version
	flex	eq	3.0.1 sdk
	flex_builder	eq	3

References

blog.watchfire.com/wfblog/2008/06/javascript-code.html

secunia.com/advisories/30746

securitytracker.com/id?1020301

www.adobe.com/support/security/bulletins/apsb08-14.html

www.securityfocus.com/bid/29778

www.vupen.com/english/advisories/2008/1862

exchange.xforce.ibmcloud.com/vulnerabilities/43150