Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2009-1879

CWE-79Cross-site Scripting (XSS)5 documents5 sources
Severity
2.6LOW
EPSS
9.8%
top 7.05%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Adobe Flex SDK
Timeline
PublishedAug 21
Latest updateMay 2

Description

Cross-site scripting (XSS) vulnerability in index.template.html in the express-install templates in the SDK in Adobe Flex before 3.4, when the installed Flash version is older than a specified requiredMajorVersion value, allows remote attackers to inject arbitrary web script or HTML via the query string.

CVSS vector

AV:N/AC:H/C:N/I:P/A:NExploitability: 4.9 | Impact: 2.9

Affected Packages1 packages

NVDadobe/flex_sdk< 3.4

Patches

Patch: www.adobe.comPatch: www.adobe.com

🔴Vulnerability Details

2
GHSA
GHSA-v3h9-6vm9-5gp7: Cross-site scripting (XSS) vulnerability in index2022-05-02
CVEList
CVE-2009-1879: Cross-site scripting (XSS) vulnerability in index2009-08-21

💥Exploits & PoCs

1
Exploit-DB
Adobe Flex SDK 3.x - 'index.template.html' Cross-Site Scripting2009-08-19

🔍Detection Rules

1
Suricata
ET WEB_SPECIFIC_APPS Possible Adobe Flex SDK index.template.html Cross Site Scripting Attempt2010-07-30
CVE-2009-1879 (LOW CVSS 2.6) | Cross-site scripting (XSS) vulnerab | cvebase.io