⚠ Exploited in the wild
Exploitation observed in the wild. Not yet on CISA KEV.

CVE-2011-2444Cross-site Scripting in Adobe Flash Player

CWE-79Cross-site Scripting5 documents5 sources
Severity
4.3MEDIUMNVD
EPSS
0.9%
top 24.01%
CISA KEV
Not in KEV
Exploit
Exploited in wild
Active exploitation observed
Affected products
1
Adobe Flash Player
Timeline
PublishedSep 22
Latest updateMay 14

Description

Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, allows remote attackers to inject arbitrary web script or HTML via a crafted URL, related to a "universal cross-site scripting issue," as exploited in the wild in September 2011.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

NVDadobe/flash_player10.3.183.7+95

Patches

Patch: www.adobe.comPatch: www.adobe.com

🔴Vulnerability Details

2
GHSA
GHSA-m398-9jm3-95r6: Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 102022-05-14
VulnCheck
Adobe Flash Player Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')2011

📋Vendor Advisories

1
Red Hat
flash-plugin: Cross-site scripting vulnerability fixed in APSB11-262011-09-21

💬Community

1
Bugzilla
CVE-2011-2444 acroread, flash-plugin: Cross-site scripting vulnerability fixed in APSB11-262011-09-21