CVE-2011-2107 — Cross-site Scripting in Adobe Acrobat

CWE-79 — Cross-site Scripting5 documents5 sources

Severity

4.3MEDIUMNVD

EPSS

1.1%

top 22.16%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Adobe Acrobat Adobe Acrobat Reader Adobe Flash Player

Timeline

PublishedJun 9

Latest updateMay 14

Description

Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 10.3.181.22 on Windows, Mac OS X, Linux, and Solaris, and 10.3.185.22 and earlier on Android, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to a "universal cross-site scripting vulnerability."

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages3 packages

▶NVDadobe/flash_player10.3.181.16+87

▶NVDadobe/acrobat10.0.3+19

▶NVDadobe/acrobat_reader10.0.3+19

Patches

Patch: www.adobe.com ↗Patch: www.adobe.com ↗

🔴Vulnerability Details

GHSA

GHSA-rr7r-vwxf-ff4c: Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 10↗2022-05-14

▶

VulnCheck

Adobe Flash Player Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')↗2011

▶

📋Vendor Advisories

Red Hat

flash-plugin: Cross-site scripting vulnerability (APSB11-13)↗2011-06-05

▶

💬Community

Bugzilla

CVE-2011-2107 flash-plugin: Cross-site scripting vulnerability (APSB11-13)↗2011-06-06

▶