CVE-2011-0604 — Cross-site Scripting in Adobe Acrobat

CWE-79 — Cross-site Scripting7 documents4 sources

Severity

4.3MEDIUMNVD

EPSS

1.3%

top 20.35%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Adobe Acrobat Adobe Acrobat Reader

Timeline

PublishedFeb 10

Latest updateMay 14

Description

Cross-site scripting (XSS) vulnerability in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2011-0587.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages2 packages

▶NVDadobe/acrobat_reader27 versions+26

▶NVDadobe/acrobat28 versions+27

Patches

Patch: www.adobe.com ↗Patch: www.adobe.com ↗

🔴Vulnerability Details

GHSA

GHSA-3w5h-vwcq-cggw: Cross-site scripting (XSS) vulnerability in Adobe Reader and Acrobat 10↗2022-05-14

▶

GHSA

GHSA-q7vh-mgj9-p32p: Cross-site scripting (XSS) vulnerability in Adobe Reader and Acrobat 10↗2022-05-14

▶

📋Vendor Advisories

Red Hat

acroread: multiple XSS flaws (APSB11-03)↗2011-02-08

▶

Red Hat

acroread: multiple XSS flaws (APSB11-03)↗2011-02-08

▶

💬Community

Bugzilla

CVE-2011-0587 CVE-2011-0604 acroread: multiple XSS flaws (APSB11-03)↗2011-02-08

▶