CVE-2010-2179Cross-site Scripting in Adobe AIR

CWE-79Cross-site Scripting5 documents5 sources
Severity
4.3MEDIUMNVD
EPSS
22.2%
top 4.19%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Adobe AIRAdobe Flash Player
Timeline
PublishedJun 15
Latest updateMay 14

Description

Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, when Firefox or Chrome is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to URL parsing.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages2 packages

NVDadobe/flash_player10.0.0.010.1.53.64+1
NVDadobe/air< 2.0.2.12610

Patches

Patch: www.adobe.comPatch: www.adobe.com

🔴Vulnerability Details

2
GHSA
GHSA-9q9v-wxmj-6xqx: Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 92022-05-14
CVEList
CVE-2010-2179: Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 92010-06-15

📋Vendor Advisories

1
Red Hat
flash-plugin: multiple security flaws (APSB10-14)2010-06-10

💬Community

1
Bugzilla
flash-plugin: multiple security flaws (APSB10-14)2010-06-10
CVE-2010-2179 — Cross-site Scripting in Adobe AIR | cvebase