Required CVE Record Information
Description
Multiple cross-site scripting (XSS) vulnerabilities in the Flex 3 History Management feature in Adobe Flex 3.0.1 SDK and Flex Builder 3, and generated applications, allow remote attackers to inject arbitrary web script or HTML via the anchor identifier to (1) client-side-detection-with-history/history/historyFrame.html, (2) express-installation-with-history/history/historyFrame.html, or (3) no-player-detection-with-history/history/historyFrame.html in templates/html-templates/. NOTE: Firefox 2.0 and possibly other browsers prevent exploitation.
References 7 Total
- http://www.adobe.com/support/security/bulletins/apsb08-14.html
- securitytracker.com: 1020301 vdb-entry
- exchange.xforce.ibmcloud.com: adobeflex-historymanagement-xss(43150) vdb-entry
- secunia.com: 30746 third-party-advisory
- vupen.com: ADV-2008-1862 vdb-entry
- http://blog.watchfire.com/wfblog/2008/06/javascript-code.html
- securityfocus.com: 29778 vdb-entry
Updated:
This container includes required additional information provided by the CVE Program for this vulnerability.
References 7 Total
- http://www.adobe.com/support/security/bulletins/apsb08-14.html x_transferred
- securitytracker.com: 1020301 vdb-entryx_transferred
- exchange.xforce.ibmcloud.com: adobeflex-historymanagement-xss(43150) vdb-entryx_transferred
- secunia.com: 30746 third-party-advisoryx_transferred
- vupen.com: ADV-2008-1862 vdb-entryx_transferred
- http://blog.watchfire.com/wfblog/2008/06/javascript-code.html x_transferred
- securityfocus.com: 29778 vdb-entryx_transferred