Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2007-0045

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-03 Jan, 2007 | 20:00
Updated At-07 Aug, 2024 | 12:03
Rejected At-
Credits

Multiple cross-site scripting (XSS) vulnerabilities in Adobe Acrobat Reader Plugin before 8.0.0, and possibly the plugin distributed with Adobe Reader 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2, for Mozilla Firefox, Microsoft Internet Explorer 6 SP1, Google Chrome, Opera 8.5.4 build 770, and Opera 9.10.8679 on Windows allow remote attackers to inject arbitrary JavaScript and conduct other attacks via a .pdf URL with a javascript: or res: URI with (1) FDF, (2) XML, and (3) XFDF AJAX parameters, or (4) an arbitrarily named name=URI anchor identifier, aka "Universal XSS (UXSS)."

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:03 Jan, 2007 | 20:00
Updated At:07 Aug, 2024 | 12:03
Rejected At:
â–¼CVE Numbering Authority (CNA)

Multiple cross-site scripting (XSS) vulnerabilities in Adobe Acrobat Reader Plugin before 8.0.0, and possibly the plugin distributed with Adobe Reader 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2, for Mozilla Firefox, Microsoft Internet Explorer 6 SP1, Google Chrome, Opera 8.5.4 build 770, and Opera 9.10.8679 on Windows allow remote attackers to inject arbitrary JavaScript and conduct other attacks via a .pdf URL with a javascript: or res: URI with (1) FDF, (2) XML, and (3) XFDF AJAX parameters, or (4) an arbitrarily named name=URI anchor identifier, aka "Universal XSS (UXSS)."

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.redhat.com/support/errata/RHSA-2007-0021.html
vendor-advisory
x_refsource_REDHAT
http://secunia.com/advisories/23691
third-party-advisory
x_refsource_SECUNIA
http://www.us-cert.gov/cas/techalerts/TA09-286B.html
third-party-advisory
x_refsource_CERT
https://rhn.redhat.com/errata/RHSA-2007-0017.html
vendor-advisory
x_refsource_REDHAT
http://www.securityfocus.com/bid/21858
vdb-entry
x_refsource_BID
http://googlechromereleases.blogspot.com/2009/01/stable-beta-update-yahoo-mail-and.html
x_refsource_CONFIRM
http://events.ccc.de/congress/2006/Fahrplan/attachments/1158-Subverting_Ajax.pdf
x_refsource_MISC
http://www.securityfocus.com/archive/1/455790/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
http://securitytracker.com/id?1023007
vdb-entry
x_refsource_SECTRACK
http://secunia.com/advisories/23882
third-party-advisory
x_refsource_SECUNIA
http://www.securityfocus.com/archive/1/455801/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
http://www.vupen.com/english/advisories/2007/0032
vdb-entry
x_refsource_VUPEN
http://secunia.com/advisories/24457
third-party-advisory
x_refsource_SECUNIA
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
vendor-advisory
x_refsource_HP
https://exchange.xforce.ibmcloud.com/vulnerabilities/31271
vdb-entry
x_refsource_XF
http://www.securityfocus.com/archive/1/455831/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
http://www.adobe.com/support/security/bulletins/apsb09-15.html
x_refsource_CONFIRM
http://www.mozilla.org/security/announce/2007/mfsa2007-02.html
x_refsource_CONFIRM
http://securityreason.com/securityalert/2090
third-party-advisory
x_refsource_SREASON
http://lists.suse.com/archive/suse-security-announce/2007-Jan/0012.html
vendor-advisory
x_refsource_SUSE
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102847-1
vendor-advisory
x_refsource_SUNALERT
http://secunia.com/advisories/33754
third-party-advisory
x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2007/0957
vdb-entry
x_refsource_VUPEN
http://www.securityfocus.com/archive/1/455836/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
http://secunia.com/advisories/23812
third-party-advisory
x_refsource_SECUNIA
http://www.securityfocus.com/archive/1/455906/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
http://securitytracker.com/id?1017469
vdb-entry
x_refsource_SECTRACK
http://www.adobe.com/support/security/advisories/apsa07-01.html
x_refsource_CONFIRM
http://www.adobe.com/support/security/advisories/apsa07-02.html
x_refsource_CONFIRM
http://secunia.com/advisories/23483
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/23877
third-party-advisory
x_refsource_SECUNIA
http://www.gnucitizen.org/blog/universal-pdf-xss-after-party
x_refsource_MISC
http://www.adobe.com/support/security/bulletins/apsb07-01.html
x_refsource_CONFIRM
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9693
vdb-entry
signature
x_refsource_OVAL
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6487
vdb-entry
signature
x_refsource_OVAL
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
vendor-advisory
x_refsource_HP
http://www.vupen.com/english/advisories/2009/2898
vdb-entry
x_refsource_VUPEN
http://www.gnucitizen.org/blog/danger-danger-danger/
x_refsource_CONFIRM
http://security.gentoo.org/glsa/glsa-200701-16.xml
vendor-advisory
x_refsource_GENTOO
http://secunia.com/advisories/24533
third-party-advisory
x_refsource_SECUNIA
http://www.disenchant.ch/blog/hacking-with-browser-plugins/34
x_refsource_MISC
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131
vendor-advisory
x_refsource_SLACKWARE
http://www.kb.cert.org/vuls/id/815960
third-party-advisory
x_refsource_CERT-VN
http://www.securityfocus.com/archive/1/455800/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
http://www.wisec.it/vulns.php?page=9
x_refsource_MISC
Hyperlink: http://www.redhat.com/support/errata/RHSA-2007-0021.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://secunia.com/advisories/23691
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.us-cert.gov/cas/techalerts/TA09-286B.html
Resource:
third-party-advisory
x_refsource_CERT
Hyperlink: https://rhn.redhat.com/errata/RHSA-2007-0017.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://www.securityfocus.com/bid/21858
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://googlechromereleases.blogspot.com/2009/01/stable-beta-update-yahoo-mail-and.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://events.ccc.de/congress/2006/Fahrplan/attachments/1158-Subverting_Ajax.pdf
Resource:
x_refsource_MISC
Hyperlink: http://www.securityfocus.com/archive/1/455790/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
Hyperlink: http://securitytracker.com/id?1023007
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://secunia.com/advisories/23882
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.securityfocus.com/archive/1/455801/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
Hyperlink: http://www.vupen.com/english/advisories/2007/0032
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://secunia.com/advisories/24457
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
Resource:
vendor-advisory
x_refsource_HP
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/31271
Resource:
vdb-entry
x_refsource_XF
Hyperlink: http://www.securityfocus.com/archive/1/455831/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
Hyperlink: http://www.adobe.com/support/security/bulletins/apsb09-15.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.mozilla.org/security/announce/2007/mfsa2007-02.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://securityreason.com/securityalert/2090
Resource:
third-party-advisory
x_refsource_SREASON
Hyperlink: http://lists.suse.com/archive/suse-security-announce/2007-Jan/0012.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102847-1
Resource:
vendor-advisory
x_refsource_SUNALERT
Hyperlink: http://secunia.com/advisories/33754
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.vupen.com/english/advisories/2007/0957
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://www.securityfocus.com/archive/1/455836/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
Hyperlink: http://secunia.com/advisories/23812
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.securityfocus.com/archive/1/455906/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
Hyperlink: http://securitytracker.com/id?1017469
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://www.adobe.com/support/security/advisories/apsa07-01.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.adobe.com/support/security/advisories/apsa07-02.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://secunia.com/advisories/23483
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/23877
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.gnucitizen.org/blog/universal-pdf-xss-after-party
Resource:
x_refsource_MISC
Hyperlink: http://www.adobe.com/support/security/bulletins/apsb07-01.html
Resource:
x_refsource_CONFIRM
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9693
Resource:
vdb-entry
signature
x_refsource_OVAL
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6487
Resource:
vdb-entry
signature
x_refsource_OVAL
Hyperlink: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
Resource:
vendor-advisory
x_refsource_HP
Hyperlink: http://www.vupen.com/english/advisories/2009/2898
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://www.gnucitizen.org/blog/danger-danger-danger/
Resource:
x_refsource_CONFIRM
Hyperlink: http://security.gentoo.org/glsa/glsa-200701-16.xml
Resource:
vendor-advisory
x_refsource_GENTOO
Hyperlink: http://secunia.com/advisories/24533
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.disenchant.ch/blog/hacking-with-browser-plugins/34
Resource:
x_refsource_MISC
Hyperlink: http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131
Resource:
vendor-advisory
x_refsource_SLACKWARE
Hyperlink: http://www.kb.cert.org/vuls/id/815960
Resource:
third-party-advisory
x_refsource_CERT-VN
Hyperlink: http://www.securityfocus.com/archive/1/455800/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
Hyperlink: http://www.wisec.it/vulns.php?page=9
Resource:
x_refsource_MISC
â–¼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.redhat.com/support/errata/RHSA-2007-0021.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://secunia.com/advisories/23691
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.us-cert.gov/cas/techalerts/TA09-286B.html
third-party-advisory
x_refsource_CERT
x_transferred
https://rhn.redhat.com/errata/RHSA-2007-0017.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://www.securityfocus.com/bid/21858
vdb-entry
x_refsource_BID
x_transferred
http://googlechromereleases.blogspot.com/2009/01/stable-beta-update-yahoo-mail-and.html
x_refsource_CONFIRM
x_transferred
http://events.ccc.de/congress/2006/Fahrplan/attachments/1158-Subverting_Ajax.pdf
x_refsource_MISC
x_transferred
http://www.securityfocus.com/archive/1/455790/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
x_transferred
http://securitytracker.com/id?1023007
vdb-entry
x_refsource_SECTRACK
x_transferred
http://secunia.com/advisories/23882
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.securityfocus.com/archive/1/455801/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
x_transferred
http://www.vupen.com/english/advisories/2007/0032
vdb-entry
x_refsource_VUPEN
x_transferred
http://secunia.com/advisories/24457
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
vendor-advisory
x_refsource_HP
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/31271
vdb-entry
x_refsource_XF
x_transferred
http://www.securityfocus.com/archive/1/455831/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
x_transferred
http://www.adobe.com/support/security/bulletins/apsb09-15.html
x_refsource_CONFIRM
x_transferred
http://www.mozilla.org/security/announce/2007/mfsa2007-02.html
x_refsource_CONFIRM
x_transferred
http://securityreason.com/securityalert/2090
third-party-advisory
x_refsource_SREASON
x_transferred
http://lists.suse.com/archive/suse-security-announce/2007-Jan/0012.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102847-1
vendor-advisory
x_refsource_SUNALERT
x_transferred
http://secunia.com/advisories/33754
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.vupen.com/english/advisories/2007/0957
vdb-entry
x_refsource_VUPEN
x_transferred
http://www.securityfocus.com/archive/1/455836/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
x_transferred
http://secunia.com/advisories/23812
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.securityfocus.com/archive/1/455906/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
x_transferred
http://securitytracker.com/id?1017469
vdb-entry
x_refsource_SECTRACK
x_transferred
http://www.adobe.com/support/security/advisories/apsa07-01.html
x_refsource_CONFIRM
x_transferred
http://www.adobe.com/support/security/advisories/apsa07-02.html
x_refsource_CONFIRM
x_transferred
http://secunia.com/advisories/23483
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/advisories/23877
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.gnucitizen.org/blog/universal-pdf-xss-after-party
x_refsource_MISC
x_transferred
http://www.adobe.com/support/security/bulletins/apsb07-01.html
x_refsource_CONFIRM
x_transferred
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9693
vdb-entry
signature
x_refsource_OVAL
x_transferred
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6487
vdb-entry
signature
x_refsource_OVAL
x_transferred
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
vendor-advisory
x_refsource_HP
x_transferred
http://www.vupen.com/english/advisories/2009/2898
vdb-entry
x_refsource_VUPEN
x_transferred
http://www.gnucitizen.org/blog/danger-danger-danger/
x_refsource_CONFIRM
x_transferred
http://security.gentoo.org/glsa/glsa-200701-16.xml
vendor-advisory
x_refsource_GENTOO
x_transferred
http://secunia.com/advisories/24533
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.disenchant.ch/blog/hacking-with-browser-plugins/34
x_refsource_MISC
x_transferred
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131
vendor-advisory
x_refsource_SLACKWARE
x_transferred
http://www.kb.cert.org/vuls/id/815960
third-party-advisory
x_refsource_CERT-VN
x_transferred
http://www.securityfocus.com/archive/1/455800/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
x_transferred
http://www.wisec.it/vulns.php?page=9
x_refsource_MISC
x_transferred
Hyperlink: http://www.redhat.com/support/errata/RHSA-2007-0021.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://secunia.com/advisories/23691
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.us-cert.gov/cas/techalerts/TA09-286B.html
Resource:
third-party-advisory
x_refsource_CERT
x_transferred
Hyperlink: https://rhn.redhat.com/errata/RHSA-2007-0017.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://www.securityfocus.com/bid/21858
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://googlechromereleases.blogspot.com/2009/01/stable-beta-update-yahoo-mail-and.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://events.ccc.de/congress/2006/Fahrplan/attachments/1158-Subverting_Ajax.pdf
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://www.securityfocus.com/archive/1/455790/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: http://securitytracker.com/id?1023007
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://secunia.com/advisories/23882
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.securityfocus.com/archive/1/455801/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2007/0032
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://secunia.com/advisories/24457
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
Resource:
vendor-advisory
x_refsource_HP
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/31271
Resource:
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: http://www.securityfocus.com/archive/1/455831/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: http://www.adobe.com/support/security/bulletins/apsb09-15.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.mozilla.org/security/announce/2007/mfsa2007-02.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://securityreason.com/securityalert/2090
Resource:
third-party-advisory
x_refsource_SREASON
x_transferred
Hyperlink: http://lists.suse.com/archive/suse-security-announce/2007-Jan/0012.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102847-1
Resource:
vendor-advisory
x_refsource_SUNALERT
x_transferred
Hyperlink: http://secunia.com/advisories/33754
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2007/0957
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://www.securityfocus.com/archive/1/455836/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: http://secunia.com/advisories/23812
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.securityfocus.com/archive/1/455906/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: http://securitytracker.com/id?1017469
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://www.adobe.com/support/security/advisories/apsa07-01.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.adobe.com/support/security/advisories/apsa07-02.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://secunia.com/advisories/23483
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/23877
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.gnucitizen.org/blog/universal-pdf-xss-after-party
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://www.adobe.com/support/security/bulletins/apsb07-01.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9693
Resource:
vdb-entry
signature
x_refsource_OVAL
x_transferred
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6487
Resource:
vdb-entry
signature
x_refsource_OVAL
x_transferred
Hyperlink: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
Resource:
vendor-advisory
x_refsource_HP
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2009/2898
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://www.gnucitizen.org/blog/danger-danger-danger/
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://security.gentoo.org/glsa/glsa-200701-16.xml
Resource:
vendor-advisory
x_refsource_GENTOO
x_transferred
Hyperlink: http://secunia.com/advisories/24533
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.disenchant.ch/blog/hacking-with-browser-plugins/34
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131
Resource:
vendor-advisory
x_refsource_SLACKWARE
x_transferred
Hyperlink: http://www.kb.cert.org/vuls/id/815960
Resource:
third-party-advisory
x_refsource_CERT-VN
x_transferred
Hyperlink: http://www.securityfocus.com/archive/1/455800/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: http://www.wisec.it/vulns.php?page=9
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:03 Jan, 2007 | 21:28
Updated At:23 Apr, 2026 | 00:35

Multiple cross-site scripting (XSS) vulnerabilities in Adobe Acrobat Reader Plugin before 8.0.0, and possibly the plugin distributed with Adobe Reader 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2, for Mozilla Firefox, Microsoft Internet Explorer 6 SP1, Google Chrome, Opera 8.5.4 build 770, and Opera 9.10.8679 on Windows allow remote attackers to inject arbitrary JavaScript and conduct other attacks via a .pdf URL with a javascript: or res: URI with (1) FDF, (2) XML, and (3) XFDF AJAX parameters, or (4) an arbitrarily named name=URI anchor identifier, aka "Universal XSS (UXSS)."

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.04.3MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
Type: Primary
Version: 2.0
Base score: 4.3
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N
CPE Matches
Adobe Inc.
adobe
>>acrobat>>Versions up to 7.0.8(inclusive)
cpe:2.3:a:adobe:acrobat:*:*:elements:*:*:*:*:*
Adobe Inc.
adobe
>>acrobat>>7.0
cpe:2.3:a:adobe:acrobat:7.0:*:professional:*:*:*:*:*
Adobe Inc.
adobe
>>acrobat>>7.0
cpe:2.3:a:adobe:acrobat:7.0:*:standard:*:*:*:*:*
Adobe Inc.
adobe
>>acrobat>>7.0.1
cpe:2.3:a:adobe:acrobat:7.0.1:*:professional:*:*:*:*:*
Adobe Inc.
adobe
>>acrobat>>7.0.1
cpe:2.3:a:adobe:acrobat:7.0.1:*:standard:*:*:*:*:*
Adobe Inc.
adobe
>>acrobat>>7.0.2
cpe:2.3:a:adobe:acrobat:7.0.2:*:professional:*:*:*:*:*
Adobe Inc.
adobe
>>acrobat>>7.0.2
cpe:2.3:a:adobe:acrobat:7.0.2:*:standard:*:*:*:*:*
Adobe Inc.
adobe
>>acrobat>>7.0.3
cpe:2.3:a:adobe:acrobat:7.0.3:*:professional:*:*:*:*:*
Adobe Inc.
adobe
>>acrobat>>7.0.3
cpe:2.3:a:adobe:acrobat:7.0.3:*:standard:*:*:*:*:*
Adobe Inc.
adobe
>>acrobat>>7.0.4
cpe:2.3:a:adobe:acrobat:7.0.4:*:professional:*:*:*:*:*
Adobe Inc.
adobe
>>acrobat>>7.0.4
cpe:2.3:a:adobe:acrobat:7.0.4:*:standard:*:*:*:*:*
Adobe Inc.
adobe
>>acrobat>>7.0.5
cpe:2.3:a:adobe:acrobat:7.0.5:*:professional:*:*:*:*:*
Adobe Inc.
adobe
>>acrobat>>7.0.5
cpe:2.3:a:adobe:acrobat:7.0.5:*:standard:*:*:*:*:*
Adobe Inc.
adobe
>>acrobat>>7.0.6
cpe:2.3:a:adobe:acrobat:7.0.6:*:professional:*:*:*:*:*
Adobe Inc.
adobe
>>acrobat>>7.0.6
cpe:2.3:a:adobe:acrobat:7.0.6:*:standard:*:*:*:*:*
Adobe Inc.
adobe
>>acrobat>>7.0.7
cpe:2.3:a:adobe:acrobat:7.0.7:*:professional:*:*:*:*:*
Adobe Inc.
adobe
>>acrobat>>7.0.7
cpe:2.3:a:adobe:acrobat:7.0.7:*:standard:*:*:*:*:*
Adobe Inc.
adobe
>>acrobat>>7.0.8
cpe:2.3:a:adobe:acrobat:7.0.8:*:professional:*:*:*:*:*
Adobe Inc.
adobe
>>acrobat>>7.0.8
cpe:2.3:a:adobe:acrobat:7.0.8:*:standard:*:*:*:*:*
Adobe Inc.
adobe
>>acrobat_3d>>*
cpe:2.3:a:adobe:acrobat_3d:*:*:*:*:*:*:*:*
Adobe Inc.
adobe
>>acrobat_reader>>Versions up to 7.0.8(inclusive)
cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*
Adobe Inc.
adobe
>>acrobat_reader>>6.0
cpe:2.3:a:adobe:acrobat_reader:6.0:*:*:*:*:*:*:*
Adobe Inc.
adobe
>>acrobat_reader>>6.0.1
cpe:2.3:a:adobe:acrobat_reader:6.0.1:*:*:*:*:*:*:*
Adobe Inc.
adobe
>>acrobat_reader>>6.0.2
cpe:2.3:a:adobe:acrobat_reader:6.0.2:*:*:*:*:*:*:*
Adobe Inc.
adobe
>>acrobat_reader>>6.0.3
cpe:2.3:a:adobe:acrobat_reader:6.0.3:*:*:*:*:*:*:*
Adobe Inc.
adobe
>>acrobat_reader>>6.0.4
cpe:2.3:a:adobe:acrobat_reader:6.0.4:*:*:*:*:*:*:*
Adobe Inc.
adobe
>>acrobat_reader>>6.0.5
cpe:2.3:a:adobe:acrobat_reader:6.0.5:*:*:*:*:*:*:*
Adobe Inc.
adobe
>>acrobat_reader>>7.0
cpe:2.3:a:adobe:acrobat_reader:7.0:*:*:*:*:*:*:*
Adobe Inc.
adobe
>>acrobat_reader>>7.0.1
cpe:2.3:a:adobe:acrobat_reader:7.0.1:*:*:*:*:*:*:*
Adobe Inc.
adobe
>>acrobat_reader>>7.0.2
cpe:2.3:a:adobe:acrobat_reader:7.0.2:*:*:*:*:*:*:*
Adobe Inc.
adobe
>>acrobat_reader>>7.0.3
cpe:2.3:a:adobe:acrobat_reader:7.0.3:*:*:*:*:*:*:*
Adobe Inc.
adobe
>>acrobat_reader>>7.0.4
cpe:2.3:a:adobe:acrobat_reader:7.0.4:*:*:*:*:*:*:*
Adobe Inc.
adobe
>>acrobat_reader>>7.0.5
cpe:2.3:a:adobe:acrobat_reader:7.0.5:*:*:*:*:*:*:*
Adobe Inc.
adobe
>>acrobat_reader>>7.0.6
cpe:2.3:a:adobe:acrobat_reader:7.0.6:*:*:*:*:*:*:*
Adobe Inc.
adobe
>>acrobat_reader>>7.0.7
cpe:2.3:a:adobe:acrobat_reader:7.0.7:*:*:*:*:*:*:*
Adobe Inc.
adobe
>>acrobat_reader>>7.0.8
cpe:2.3:a:adobe:acrobat_reader:7.0.8:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-79Primarynvd@nist.gov
CWE ID: CWE-79
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://events.ccc.de/congress/2006/Fahrplan/attachments/1158-Subverting_Ajax.pdfcve@mitre.org
N/A
http://googlechromereleases.blogspot.com/2009/01/stable-beta-update-yahoo-mail-and.htmlcve@mitre.org
N/A
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742cve@mitre.org
N/A
http://lists.suse.com/archive/suse-security-announce/2007-Jan/0012.htmlcve@mitre.org
N/A
http://secunia.com/advisories/23483cve@mitre.org
Vendor Advisory
http://secunia.com/advisories/23691cve@mitre.org
Vendor Advisory
http://secunia.com/advisories/23812cve@mitre.org
Vendor Advisory
http://secunia.com/advisories/23877cve@mitre.org
Vendor Advisory
http://secunia.com/advisories/23882cve@mitre.org
Vendor Advisory
http://secunia.com/advisories/24457cve@mitre.org
Vendor Advisory
http://secunia.com/advisories/24533cve@mitre.org
Vendor Advisory
http://secunia.com/advisories/33754cve@mitre.org
Vendor Advisory
http://security.gentoo.org/glsa/glsa-200701-16.xmlcve@mitre.org
N/A
http://securityreason.com/securityalert/2090cve@mitre.org
N/A
http://securitytracker.com/id?1017469cve@mitre.org
N/A
http://securitytracker.com/id?1023007cve@mitre.org
N/A
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131cve@mitre.org
N/A
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102847-1cve@mitre.org
N/A
http://www.adobe.com/support/security/advisories/apsa07-01.htmlcve@mitre.org
Vendor Advisory
http://www.adobe.com/support/security/advisories/apsa07-02.htmlcve@mitre.org
N/A
http://www.adobe.com/support/security/bulletins/apsb07-01.htmlcve@mitre.org
N/A
http://www.adobe.com/support/security/bulletins/apsb09-15.htmlcve@mitre.org
N/A
http://www.disenchant.ch/blog/hacking-with-browser-plugins/34cve@mitre.org
Exploit
http://www.gnucitizen.org/blog/danger-danger-danger/cve@mitre.org
Exploit
Vendor Advisory
http://www.gnucitizen.org/blog/universal-pdf-xss-after-partycve@mitre.org
N/A
http://www.kb.cert.org/vuls/id/815960cve@mitre.org
Third Party Advisory
US Government Resource
http://www.mozilla.org/security/announce/2007/mfsa2007-02.htmlcve@mitre.org
N/A
http://www.redhat.com/support/errata/RHSA-2007-0021.htmlcve@mitre.org
N/A
http://www.securityfocus.com/archive/1/455790/100/0/threadedcve@mitre.org
Exploit
http://www.securityfocus.com/archive/1/455800/100/0/threadedcve@mitre.org
N/A
http://www.securityfocus.com/archive/1/455801/100/0/threadedcve@mitre.org
N/A
http://www.securityfocus.com/archive/1/455831/100/0/threadedcve@mitre.org
Exploit
http://www.securityfocus.com/archive/1/455836/100/0/threadedcve@mitre.org
N/A
http://www.securityfocus.com/archive/1/455906/100/0/threadedcve@mitre.org
N/A
http://www.securityfocus.com/bid/21858cve@mitre.org
N/A
http://www.us-cert.gov/cas/techalerts/TA09-286B.htmlcve@mitre.org
US Government Resource
http://www.vupen.com/english/advisories/2007/0032cve@mitre.org
Vendor Advisory
http://www.vupen.com/english/advisories/2007/0957cve@mitre.org
Vendor Advisory
http://www.vupen.com/english/advisories/2009/2898cve@mitre.org
Vendor Advisory
http://www.wisec.it/vulns.php?page=9cve@mitre.org
Exploit
Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/31271cve@mitre.org
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6487cve@mitre.org
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9693cve@mitre.org
N/A
https://rhn.redhat.com/errata/RHSA-2007-0017.htmlcve@mitre.org
N/A
http://events.ccc.de/congress/2006/Fahrplan/attachments/1158-Subverting_Ajax.pdfaf854a3a-2127-422b-91ae-364da2661108
N/A
http://googlechromereleases.blogspot.com/2009/01/stable-beta-update-yahoo-mail-and.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742af854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.suse.com/archive/suse-security-announce/2007-Jan/0012.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/23483af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/23691af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/23812af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/23877af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/23882af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/24457af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/24533af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/33754af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://security.gentoo.org/glsa/glsa-200701-16.xmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://securityreason.com/securityalert/2090af854a3a-2127-422b-91ae-364da2661108
N/A
http://securitytracker.com/id?1017469af854a3a-2127-422b-91ae-364da2661108
N/A
http://securitytracker.com/id?1023007af854a3a-2127-422b-91ae-364da2661108
N/A
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131af854a3a-2127-422b-91ae-364da2661108
N/A
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102847-1af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.adobe.com/support/security/advisories/apsa07-01.htmlaf854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.adobe.com/support/security/advisories/apsa07-02.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.adobe.com/support/security/bulletins/apsb07-01.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.adobe.com/support/security/bulletins/apsb09-15.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.disenchant.ch/blog/hacking-with-browser-plugins/34af854a3a-2127-422b-91ae-364da2661108
Exploit
http://www.gnucitizen.org/blog/danger-danger-danger/af854a3a-2127-422b-91ae-364da2661108
Exploit
Vendor Advisory
http://www.gnucitizen.org/blog/universal-pdf-xss-after-partyaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.kb.cert.org/vuls/id/815960af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
US Government Resource
http://www.mozilla.org/security/announce/2007/mfsa2007-02.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.redhat.com/support/errata/RHSA-2007-0021.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/archive/1/455790/100/0/threadedaf854a3a-2127-422b-91ae-364da2661108
Exploit
http://www.securityfocus.com/archive/1/455800/100/0/threadedaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/archive/1/455801/100/0/threadedaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/archive/1/455831/100/0/threadedaf854a3a-2127-422b-91ae-364da2661108
Exploit
http://www.securityfocus.com/archive/1/455836/100/0/threadedaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/archive/1/455906/100/0/threadedaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/bid/21858af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.us-cert.gov/cas/techalerts/TA09-286B.htmlaf854a3a-2127-422b-91ae-364da2661108
US Government Resource
http://www.vupen.com/english/advisories/2007/0032af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.vupen.com/english/advisories/2007/0957af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.vupen.com/english/advisories/2009/2898af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.wisec.it/vulns.php?page=9af854a3a-2127-422b-91ae-364da2661108
Exploit
Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/31271af854a3a-2127-422b-91ae-364da2661108
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6487af854a3a-2127-422b-91ae-364da2661108
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9693af854a3a-2127-422b-91ae-364da2661108
N/A
https://rhn.redhat.com/errata/RHSA-2007-0017.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://events.ccc.de/congress/2006/Fahrplan/attachments/1158-Subverting_Ajax.pdf
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://googlechromereleases.blogspot.com/2009/01/stable-beta-update-yahoo-mail-and.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://lists.suse.com/archive/suse-security-announce/2007-Jan/0012.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/23483
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/23691
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/23812
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/23877
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/23882
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/24457
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/24533
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/33754
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://security.gentoo.org/glsa/glsa-200701-16.xml
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://securityreason.com/securityalert/2090
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://securitytracker.com/id?1017469
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://securitytracker.com/id?1023007
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102847-1
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.adobe.com/support/security/advisories/apsa07-01.html
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://www.adobe.com/support/security/advisories/apsa07-02.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.adobe.com/support/security/bulletins/apsb07-01.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.adobe.com/support/security/bulletins/apsb09-15.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.disenchant.ch/blog/hacking-with-browser-plugins/34
Source: cve@mitre.org
Resource:
Exploit
Hyperlink: http://www.gnucitizen.org/blog/danger-danger-danger/
Source: cve@mitre.org
Resource:
Exploit
Vendor Advisory
Hyperlink: http://www.gnucitizen.org/blog/universal-pdf-xss-after-party
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.kb.cert.org/vuls/id/815960
Source: cve@mitre.org
Resource:
Third Party Advisory
US Government Resource
Hyperlink: http://www.mozilla.org/security/announce/2007/mfsa2007-02.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2007-0021.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/455790/100/0/threaded
Source: cve@mitre.org
Resource:
Exploit
Hyperlink: http://www.securityfocus.com/archive/1/455800/100/0/threaded
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/455801/100/0/threaded
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/455831/100/0/threaded
Source: cve@mitre.org
Resource:
Exploit
Hyperlink: http://www.securityfocus.com/archive/1/455836/100/0/threaded
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/455906/100/0/threaded
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/21858
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.us-cert.gov/cas/techalerts/TA09-286B.html
Source: cve@mitre.org
Resource:
US Government Resource
Hyperlink: http://www.vupen.com/english/advisories/2007/0032
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://www.vupen.com/english/advisories/2007/0957
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://www.vupen.com/english/advisories/2009/2898
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://www.wisec.it/vulns.php?page=9
Source: cve@mitre.org
Resource:
Exploit
Patch
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/31271
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6487
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9693
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://rhn.redhat.com/errata/RHSA-2007-0017.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://events.ccc.de/congress/2006/Fahrplan/attachments/1158-Subverting_Ajax.pdf
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://googlechromereleases.blogspot.com/2009/01/stable-beta-update-yahoo-mail-and.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00771742
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.suse.com/archive/suse-security-announce/2007-Jan/0012.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/23483
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/23691
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/23812
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/23877
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/23882
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/24457
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/24533
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/33754
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://security.gentoo.org/glsa/glsa-200701-16.xml
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://securityreason.com/securityalert/2090
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://securitytracker.com/id?1017469
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://securitytracker.com/id?1023007
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.338131
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102847-1
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.adobe.com/support/security/advisories/apsa07-01.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://www.adobe.com/support/security/advisories/apsa07-02.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.adobe.com/support/security/bulletins/apsb07-01.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.adobe.com/support/security/bulletins/apsb09-15.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.disenchant.ch/blog/hacking-with-browser-plugins/34
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Hyperlink: http://www.gnucitizen.org/blog/danger-danger-danger/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Vendor Advisory
Hyperlink: http://www.gnucitizen.org/blog/universal-pdf-xss-after-party
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.kb.cert.org/vuls/id/815960
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
US Government Resource
Hyperlink: http://www.mozilla.org/security/announce/2007/mfsa2007-02.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2007-0021.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/455790/100/0/threaded
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Hyperlink: http://www.securityfocus.com/archive/1/455800/100/0/threaded
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/455801/100/0/threaded
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/455831/100/0/threaded
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Hyperlink: http://www.securityfocus.com/archive/1/455836/100/0/threaded
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/455906/100/0/threaded
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/21858
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.us-cert.gov/cas/techalerts/TA09-286B.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
US Government Resource
Hyperlink: http://www.vupen.com/english/advisories/2007/0032
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://www.vupen.com/english/advisories/2007/0957
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://www.vupen.com/english/advisories/2009/2898
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://www.wisec.it/vulns.php?page=9
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Patch
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/31271
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6487
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9693
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://rhn.redhat.com/errata/RHSA-2007-0017.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

13364Records found
CVE-2008-6062
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-13.54% / 94.38%
||
7 Day CHG~0.00%
Published-05 Feb, 2009 | 01:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in ActionScript in arbitrary Shockwave Flash (SWF) files created by Adobe Dreamweaver, when the Insert Flash Video feature is used, allows remote attackers to inject arbitrary web script or HTML via an asfunction: URI in the skinName parameter. NOTE: this may overlap CVE-2007-6242, CVE-2007-6244, or CVE-2007-6637.

Action-Not Available
Vendor-n/aAdobe Inc.
Product-dreamweavern/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-3103
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-6.1||MEDIUM
EPSS-1.07% / 78.10%
||
7 Day CHG~0.00%
Published-14 Jul, 2017 | 05:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Connect versions 9.6.1 and earlier have a stored cross-site scripting vulnerability. Successful exploitation could lead to a stored cross-site scripting attack.

Action-Not Available
Vendor-n/aAdobe Inc.
Product-connectAdobe Connect 9.6.1 and earlier.
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-2969
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-6.1||MEDIUM
EPSS-1.23% / 79.58%
||
7 Day CHG~0.00%
Published-15 Feb, 2017 | 06:11
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Campaign versions 16.4 Build 8724 and earlier have a cross-site scripting (XSS) vulnerability.

Action-Not Available
Vendor-n/aAdobe Inc.
Product-campaignAdobe Campaign 16.4 Build 8724 and earlier.
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2008-4823
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-17.67% / 95.25%
||
7 Day CHG~0.00%
Published-10 Nov, 2008 | 11:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in Adobe Flash Player 9.0.124.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors related to loose interpretation of an ActionScript attribute.

Action-Not Available
Vendor-n/aAdobe Inc.
Product-flash_playern/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2008-4818
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-17.67% / 95.25%
||
7 Day CHG~0.00%
Published-10 Nov, 2008 | 11:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in Adobe Flash Player 9.0.124.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving HTTP response headers.

Action-Not Available
Vendor-n/aAdobe Inc.
Product-flash_playern/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2008-3515
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-4.3||MEDIUM
EPSS-1.96% / 83.86%
||
7 Day CHG~0.00%
Published-13 Aug, 2008 | 00:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site scripting (XSS) vulnerabilities in files generated by Adobe Presenter 6 and 7 before 7.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) viewer.swf and (2) loadflash.js, a different vulnerability than CVE-2008-3516.

Action-Not Available
Vendor-n/aAdobe Inc.
Product-presentern/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2008-3516
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-4.3||MEDIUM
EPSS-1.96% / 83.86%
||
7 Day CHG~0.00%
Published-13 Aug, 2008 | 00:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site scripting (XSS) vulnerabilities in files generated by Adobe Presenter 6 and 7 before 7.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) viewer.swf and (2) loadflash.js, a different vulnerability than CVE-2008-3515.

Action-Not Available
Vendor-n/aAdobe Inc.
Product-presentern/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2008-2991
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-3.00% / 86.86%
||
7 Day CHG~0.00%
Published-09 Jul, 2008 | 18:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in Adobe RoboHelp Server 6 and 7 allows remote attackers to inject arbitrary web script or HTML via vectors related to the Help Errors log.

Action-Not Available
Vendor-n/aAdobe Inc.
Product-robohelp_servern/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2008-2640
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-2.80% / 86.42%
||
7 Day CHG~0.00%
Published-18 Jun, 2008 | 19:29
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site scripting (XSS) vulnerabilities in the Flex 3 History Management feature in Adobe Flex 3.0.1 SDK and Flex Builder 3, and generated applications, allow remote attackers to inject arbitrary web script or HTML via the anchor identifier to (1) client-side-detection-with-history/history/historyFrame.html, (2) express-installation-with-history/history/historyFrame.html, or (3) no-player-detection-with-history/history/historyFrame.html in templates/html-templates/. NOTE: Firefox 2.0 and possibly other browsers prevent exploitation.

Action-Not Available
Vendor-n/aAdobe Inc.
Product-flexflex_buildern/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2008-1202
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-3.78% / 88.32%
||
7 Day CHG~0.00%
Published-12 Mar, 2008 | 00:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in the web management interface in Adobe LiveCycle Workflow 6.2 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

Action-Not Available
Vendor-n/aAdobe Inc.
Product-livecycle_workflown/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2008-1655
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-27.26% / 96.51%
||
7 Day CHG~0.00%
Published-09 Apr, 2008 | 21:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, makes it easier for remote attackers to conduct DNS rebinding attacks via unknown vectors.

Action-Not Available
Vendor-n/aAdobe Inc.
Product-airflash_playerflexn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2008-0642
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-1.28% / 79.99%
||
7 Day CHG~0.00%
Published-15 Feb, 2008 | 00:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in files created by Adobe RoboHelp 6 and 7, possibly involving use of a (1) WebHelp5 (WebHelp5Ext) or (2) WildFire (WildFireExt) extension, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2007-1280.

Action-Not Available
Vendor-n/aAdobe Inc.
Product-robohelpn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2008-0643
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-2.80% / 86.42%
||
7 Day CHG~0.00%
Published-12 Mar, 2008 | 00:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in Adobe ColdFusion MX 7 and ColdFusion 8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Action-Not Available
Vendor-n/aAdobe Inc.
Product-coldfusionn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-11285
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-6.1||MEDIUM
EPSS-1.03% / 77.75%
||
7 Day CHG~0.00%
Published-01 Dec, 2017 | 08:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe ColdFusion has a cross-site scripting (XSS) vulnerability. This affects Update 4 and earlier versions for ColdFusion 2016, and Update 12 and earlier versions for ColdFusion 11.

Action-Not Available
Vendor-n/aAdobe Inc.
Product-coldfusionAdobe ColdFusion Update 4 and earlier versions for ColdFusion 2016 release. Update 12 and earlier versions for ColdFusion 11.
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2007-6637
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-38.24% / 97.32%
||
7 Day CHG~0.00%
Published-04 Jan, 2008 | 00:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site scripting (XSS) vulnerabilities in Adobe Flash Player allow remote attackers to inject arbitrary web script or HTML via a crafted SWF file, related to "pre-generated SWF files" and Adobe Dreamweaver CS3 or Adobe Acrobat Connect. NOTE: the asfunction: vector is already covered by CVE-2007-6244.1.

Action-Not Available
Vendor-n/aAdobe Inc.
Product-flash_playern/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2016-7884
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-6.1||MEDIUM
EPSS-1.32% / 80.25%
||
7 Day CHG~0.00%
Published-15 Dec, 2016 | 06:31
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Experience Manager versions 6.1 and earlier have an input validation issue in the DAM create assets that could be used in cross-site scripting attacks.

Action-Not Available
Vendor-n/aAdobe Inc.
Product-experience_managerAdobe Experience Manager 6.1 and earlier
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2016-6934
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-6.1||MEDIUM
EPSS-0.90% / 76.13%
||
7 Day CHG~0.00%
Published-15 Dec, 2016 | 06:31
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Experience Manager Forms versions 6.2 and earlier, LiveCycle 11.0.1, LiveCycle 10.0.4 have an input validation issue in the PMAdmin module that could be used in cross-site scripting attacks.

Action-Not Available
Vendor-n/aAdobe Inc.
Product-livecycleexperience_manager_formsAdobe Experience Manager Forms 6.2 and earlier, LiveCycle 11.0.1, LiveCycle 10.0.4
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2016-4168
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-6.1||MEDIUM
EPSS-0.64% / 71.07%
||
7 Day CHG~0.00%
Published-09 Aug, 2016 | 20:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in Adobe Experience Manager 5.6.1, 6.0, and 6.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Action-Not Available
Vendor-n/aAdobe Inc.
Product-experience_managern/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2006-5860
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-2.02% / 84.14%
||
7 Day CHG~0.00%
Published-14 Feb, 2007 | 02:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in the administrator console for Adobe JRun 4.0, as used in ColdFusion, allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

Action-Not Available
Vendor-n/aAdobe Inc.
Product-coldfusionjrunn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2006-5859
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-2.44% / 85.48%
||
7 Day CHG~0.00%
Published-14 Feb, 2007 | 01:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in Adobe ColdFusion MX 7 7.0 and 7.0.1, when Global Script Protection is not enabled, allows remote attackers to inject arbitrary HTML and web script via unknown vectors, possibly related to Linkdirect.cfm, Topnav.cfm, and Welcomedoc.cfm.

Action-Not Available
Vendor-n/aAdobe Inc.
Product-coldfusionn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-5005
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-6.1||MEDIUM
EPSS-1.16% / 79.00%
||
7 Day CHG~0.00%
Published-06 Sep, 2018 | 19:00
Updated-05 Aug, 2024 | 05:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a Cross-site Scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.

Action-Not Available
Vendor-n/aAdobe Inc.
Product-experience_managerAdobe Experience Manager
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-21043
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-6.1||MEDIUM
EPSS-0.98% / 77.25%
||
7 Day CHG~0.00%
Published-02 Feb, 2021 | 22:29
Updated-17 Sep, 2024 | 02:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Reflected Cross-site Scripting (XSS) on version-compare and page-compare tools

ACS Commons version 4.9.2 (and earlier) suffers from a Reflected Cross-site Scripting (XSS) vulnerability in version-compare and page-compare due to invalid JCR characters that are not handled correctly. An attacker could potentially exploit this vulnerability to inject malicious JavaScript content into vulnerable form fields and execute it within the context of the victim's browser. Exploitation of this issue requires user interaction in order to be successful.

Action-Not Available
Vendor-Adobe Inc.
Product-adobe_consulting_services_commonsExperience Manager
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-4930
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-6.1||MEDIUM
EPSS-1.02% / 77.64%
||
7 Day CHG~0.00%
Published-19 May, 2018 | 17:00
Updated-05 Aug, 2024 | 05:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Experience Manager versions 6.3 and earlier have an exploitable Cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.

Action-Not Available
Vendor-n/aAdobe Inc.
Product-experience_managerAdobe Experience Manager AEM 6.3 and earlier
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-4941
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-6.1||MEDIUM
EPSS-1.15% / 78.85%
||
7 Day CHG~0.00%
Published-19 May, 2018 | 17:00
Updated-05 Aug, 2024 | 05:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Cross-Site Scripting vulnerability. Successful exploitation could lead to information disclosure.

Action-Not Available
Vendor-n/aAdobe Inc.
Product-coldfusionAdobe ColdFusion ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-4875
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-6.1||MEDIUM
EPSS-0.94% / 76.69%
||
7 Day CHG~0.00%
Published-27 Feb, 2018 | 05:00
Updated-05 Aug, 2024 | 05:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Experience Manager versions 6.1 and 6.0 are vulnerable to a reflected cross-site scripting vulnerability related to the handling of malicious content embedded in image files uploaded to the DAM.

Action-Not Available
Vendor-n/aAdobe Inc.
Product-experience_managerAdobe Experience Manager 6.1, 6.0
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-4940
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-6.1||MEDIUM
EPSS-1.15% / 78.85%
||
7 Day CHG~0.00%
Published-19 May, 2018 | 17:00
Updated-05 Aug, 2024 | 05:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Cross-Site Scripting vulnerability. Successful exploitation could lead to information disclosure.

Action-Not Available
Vendor-n/aAdobe Inc.
Product-coldfusionAdobe ColdFusion ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-4876
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-6.1||MEDIUM
EPSS-0.44% / 63.63%
||
7 Day CHG~0.00%
Published-27 Feb, 2018 | 05:00
Updated-05 Aug, 2024 | 05:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Experience Manager versions 6.3, 6.2, and 6.1 are vulnerable to cross-site scripting via a bypass of the Sling XSSAPI#getValidHref function.

Action-Not Available
Vendor-n/aAdobe Inc.
Product-experience_managerAdobe Experience Manager 6.3, 6.2, 6.1
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-4931
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-6.1||MEDIUM
EPSS-1.02% / 77.64%
||
7 Day CHG~0.00%
Published-19 May, 2018 | 17:00
Updated-05 Aug, 2024 | 05:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Experience Manager versions 6.1 and earlier have an exploitable stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.

Action-Not Available
Vendor-n/aAdobe Inc.
Product-experience_managerAdobe Experience Manager AEM 6.1 and earlier
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-4929
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-6.1||MEDIUM
EPSS-1.02% / 77.64%
||
7 Day CHG~0.00%
Published-19 May, 2018 | 17:00
Updated-05 Aug, 2024 | 05:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Experience Manager versions 6.2 and earlier have an exploitable stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.

Action-Not Available
Vendor-n/aAdobe Inc.
Product-experience_managerAdobe Experience Manager AEM 6.2 and earlier
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-19726
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-6.1||MEDIUM
EPSS-1.15% / 78.85%
||
7 Day CHG~0.00%
Published-28 Jan, 2019 | 18:00
Updated-05 Aug, 2024 | 11:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.

Action-Not Available
Vendor-Adobe Inc.
Product-experience_managerAdobe Experience Manager
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2011-2461
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-4.3||MEDIUM
EPSS-1.07% / 78.11%
||
7 Day CHG~0.00%
Published-01 Dec, 2011 | 11:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in the Adobe Flex SDK 3.x and 4.x before 4.6 allows remote attackers to inject arbitrary web script or HTML via vectors related to the loading of modules from different domains.

Action-Not Available
Vendor-n/aAdobe Inc.
Product-flex_sdkn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-19727
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-6.1||MEDIUM
EPSS-1.15% / 78.85%
||
7 Day CHG~0.00%
Published-28 Jan, 2019 | 18:00
Updated-05 Aug, 2024 | 11:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a reflected cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.

Action-Not Available
Vendor-Adobe Inc.
Product-experience_managerAdobe Experience Manager
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-19724
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-6.1||MEDIUM
EPSS-1.15% / 78.85%
||
7 Day CHG~0.00%
Published-28 Jan, 2019 | 18:00
Updated-05 Aug, 2024 | 11:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Experience Manager Forms versions 6.2, 6.3 and 6.4 have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.

Action-Not Available
Vendor-Adobe Inc.
Product-experience_managerAdobe Experience Manager Forms
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-28628
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-6.3||MEDIUM
EPSS-0.88% / 75.73%
||
7 Day CHG~0.00%
Published-24 Aug, 2021 | 17:54
Updated-19 Sep, 2025 | 17:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Experience Manager Cross-site Scripting vulnerability in inbox render.jsp

Adobe Experience Manager Cloud Service offering, as well as versions 6.5.8.0 (and below) is affected by a Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

Action-Not Available
Vendor-Adobe Inc.
Product-experience_managerExperience Manager
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2015-8052
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-4.3||MEDIUM
EPSS-0.75% / 73.63%
||
7 Day CHG~0.00%
Published-18 Nov, 2015 | 21:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 10 before Update 18 and 11 before Update 7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-8053.

Action-Not Available
Vendor-n/aAdobe Inc.
Product-coldfusionn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-15973
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-6.1||MEDIUM
EPSS-1.01% / 77.53%
||
7 Day CHG~0.00%
Published-17 Oct, 2018 | 18:00
Updated-05 Aug, 2024 | 10:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.

Action-Not Available
Vendor-Adobe Inc.
Product-experience_managerAdobe Experience Manager
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-15971
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-6.1||MEDIUM
EPSS-1.15% / 78.85%
||
7 Day CHG~0.00%
Published-17 Oct, 2018 | 18:00
Updated-05 Aug, 2024 | 10:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a reflected cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.

Action-Not Available
Vendor-Adobe Inc.
Product-experience_managerAdobe Experience Manager
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-15969
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-6.1||MEDIUM
EPSS-1.15% / 78.85%
||
7 Day CHG~0.00%
Published-17 Oct, 2018 | 18:00
Updated-05 Aug, 2024 | 10:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.

Action-Not Available
Vendor-Adobe Inc.
Product-experience_managerAdobe Experience Manager
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-15972
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-6.1||MEDIUM
EPSS-0.82% / 74.87%
||
7 Day CHG~0.00%
Published-17 Oct, 2018 | 18:00
Updated-05 Aug, 2024 | 10:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.

Action-Not Available
Vendor-Adobe Inc.
Product-experience_managerAdobe Experience Manager
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-12806
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-6.1||MEDIUM
EPSS-0.85% / 75.34%
||
7 Day CHG~0.00%
Published-29 Aug, 2018 | 13:00
Updated-05 Aug, 2024 | 08:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a reflected cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.

Action-Not Available
Vendor-n/aAdobe Inc.
Product-experience_managerAdobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-28625
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-6.3||MEDIUM
EPSS-0.88% / 75.73%
||
7 Day CHG~0.00%
Published-24 Aug, 2021 | 17:54
Updated-19 Sep, 2025 | 17:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Experience Manager Cross-site Scripting vulnerability in inbox workitem.jsp

Adobe Experience Manager Cloud Service offering, as well as versions 6.5.8.0 (and below) is affected by a Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.

Action-Not Available
Vendor-Adobe Inc.
Product-experience_managerExperience Manager
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2015-0345
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-4.3||MEDIUM
EPSS-3.16% / 87.20%
||
7 Day CHG~0.00%
Published-15 Apr, 2015 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 10 before Update 16 and 11 before Update 5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Action-Not Available
Vendor-n/aAdobe Inc.
Product-coldfusionn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2015-0344
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-4.3||MEDIUM
EPSS-0.64% / 71.13%
||
7 Day CHG~0.00%
Published-13 Jun, 2015 | 15:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in the web app in Adobe Connect before 9.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Action-Not Available
Vendor-n/aAdobe Inc.
Product-connectn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2015-0343
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-4.3||MEDIUM
EPSS-0.65% / 71.37%
||
7 Day CHG~0.00%
Published-13 Jun, 2015 | 15:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in admin/home/homepage/search in the web app in Adobe Connect before 9.4 allows remote attackers to inject arbitrary web script or HTML via the query parameter.

Action-Not Available
Vendor-n/aAdobe Inc.
Product-connectn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2010-2886
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-4.3||MEDIUM
EPSS-0.78% / 74.20%
||
7 Day CHG~0.00%
Published-26 Oct, 2010 | 18:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site scripting (XSS) vulnerabilities in Adobe RoboHelp 7 and 8, and RoboHelp Server 7 and 8, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Action-Not Available
Vendor-n/aAdobe Inc.
Product-robohelprobohelp_servern/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2014-5315
Matching Score-10
Assigner-JPCERT/CC
ShareView Details
Matching Score-10
Assigner-JPCERT/CC
CVSS Score-4.3||MEDIUM
EPSS-0.65% / 71.29%
||
7 Day CHG~0.00%
Published-26 Sep, 2014 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in the Help page in Adobe Acrobat 9.5.2 and earlier and ColdFusion 8.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Action-Not Available
Vendor-n/aAdobe Inc.
Product-acrobatcoldfusionn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2014-0533
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-4.3||MEDIUM
EPSS-0.97% / 77.09%
||
7 Day CHG~0.00%
Published-11 Jun, 2014 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 13.0.0.223 and 14.x before 14.0.0.125 on Windows and OS X and before 11.2.202.378 on Linux, Adobe AIR before 14.0.0.110, Adobe AIR SDK before 14.0.0.110, and Adobe AIR SDK & Compiler before 14.0.0.110 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-0531 and CVE-2014-0532.

Action-Not Available
Vendor-n/aApple Inc.Linux Kernel Organization, IncMicrosoft CorporationAdobe Inc.
Product-adobe_airmac_os_xadobe_air_sdkwindowsflash_playerlinux_kerneln/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2014-0532
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-4.3||MEDIUM
EPSS-3.47% / 87.81%
||
7 Day CHG~0.00%
Published-11 Jun, 2014 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 13.0.0.223 and 14.x before 14.0.0.125 on Windows and OS X and before 11.2.202.378 on Linux, Adobe AIR before 14.0.0.110, Adobe AIR SDK before 14.0.0.110, and Adobe AIR SDK & Compiler before 14.0.0.110 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-0531 and CVE-2014-0533.

Action-Not Available
Vendor-n/aApple Inc.Linux Kernel Organization, IncMicrosoft CorporationAdobe Inc.
Product-adobe_airmac_os_xadobe_air_sdkwindowsflash_playerlinux_kerneln/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2014-0531
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-4.3||MEDIUM
EPSS-0.97% / 77.09%
||
7 Day CHG~0.00%
Published-11 Jun, 2014 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 13.0.0.223 and 14.x before 14.0.0.125 on Windows and OS X and before 11.2.202.378 on Linux, Adobe AIR before 14.0.0.110, Adobe AIR SDK before 14.0.0.110, and Adobe AIR SDK & Compiler before 14.0.0.110 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-0532 and CVE-2014-0533.

Action-Not Available
Vendor-n/aApple Inc.Linux Kernel Organization, IncMicrosoft CorporationAdobe Inc.
Product-adobe_airmac_os_xadobe_air_sdkwindowsflash_playerlinux_kerneln/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-11296
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-6.1||MEDIUM
EPSS-1.47% / 81.34%
||
7 Day CHG~0.00%
Published-09 Dec, 2017 | 06:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Adobe Experience Manager 6.3, 6.2, 6.1, 6.0. A cross-site scripting vulnerability in Apache Sling Servlets Post 2.3.20 has been resolved in Adobe Experience Manager.

Action-Not Available
Vendor-n/aAdobe Inc.
Product-experience_managerAdobe Experience Manager 6.3, 6.2, 6.1, 6.0
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 267
  • 268
  • Next
Details not found