CVE-2008-1655 — Cross-site Scripting in Adobe Flash Player

CWE-79 — Cross-site Scripting5 documents5 sources

Severity

4.3MEDIUMNVD

EPSS

27.3%

top 3.60%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Adobe Flash Player Adobe AIR Adobe Flex

Timeline

PublishedApr 9

Latest updateMay 1

Description

Unspecified vulnerability in Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, makes it easier for remote attackers to conduct DNS rebinding attacks via unknown vectors.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages3 packages

▶NVDadobe/flash_player9.0.115.0

▶NVDadobe/air1.0

▶NVDadobe/flex3.0

🔴Vulnerability Details

GHSA

GHSA-6443-g69m-2px6: Unspecified vulnerability in Adobe Flash Player 9↗2022-05-01

▶

CVEList

CVE-2008-1655: Unspecified vulnerability in Adobe Flash Player 9↗2008-04-09

▶

📋Vendor Advisories

Red Hat

Flash Player DNS rebind flaw↗2008-04-08

▶

💬Community

Bugzilla

CVE-2008-1655 Flash Player DNS rebind flaw↗2008-04-04

▶