CVE-2014-5315Cross-site Scripting in Adobe Acrobat

CWE-79Cross-site Scripting4 documents4 sources
Severity
4.3MEDIUMNVD
EPSS
0.6%
top 29.16%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Adobe AcrobatAdobe Coldfusion
Timeline
PublishedSep 26
Latest updateMay 17

Description

Cross-site scripting (XSS) vulnerability in the Help page in Adobe Acrobat 9.5.2 and earlier and ColdFusion 8.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages2 packages

NVDadobe/acrobat9.5.2+21
NVDadobe/coldfusion8.0.1+1

🔴Vulnerability Details

2
GHSA
GHSA-8w94-gjwj-v63v: Cross-site scripting (XSS) vulnerability in the Help page in Adobe Acrobat 92022-05-17
CVEList
CVE-2014-5315: Cross-site scripting (XSS) vulnerability in the Help page in Adobe Acrobat 92014-09-26

💥Exploits & PoCs

1
Exploit-DB
AVG Internet Security 2015.0.5315 - Arbitrary Write Privilege Escalation2015-02-04
CVE-2014-5315 — Cross-site Scripting in Adobe Acrobat | cvebase