CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
AI Score
Confidence
High
EPSS
Percentile
62.0%
Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, allows remote attackers to inject arbitrary web script or HTML via a crafted URL, related to a “universal cross-site scripting issue,” as exploited in the wild in September 2011.
Vendor | Product | Version | CPE |
---|---|---|---|
adobe | flash_player | * | cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:* |
adobe | flash_player | 6.0.21.0 | cpe:2.3:a:adobe:flash_player:6.0.21.0:*:*:*:*:*:*:* |
adobe | flash_player | 6.0.79 | cpe:2.3:a:adobe:flash_player:6.0.79:*:*:*:*:*:*:* |
adobe | flash_player | 7.0 | cpe:2.3:a:adobe:flash_player:7.0:*:*:*:*:*:*:* |
adobe | flash_player | 7.0.1 | cpe:2.3:a:adobe:flash_player:7.0.1:*:*:*:*:*:*:* |
adobe | flash_player | 7.0.14.0 | cpe:2.3:a:adobe:flash_player:7.0.14.0:*:*:*:*:*:*:* |
adobe | flash_player | 7.0.19.0 | cpe:2.3:a:adobe:flash_player:7.0.19.0:*:*:*:*:*:*:* |
adobe | flash_player | 7.0.24.0 | cpe:2.3:a:adobe:flash_player:7.0.24.0:*:*:*:*:*:*:* |
adobe | flash_player | 7.0.25 | cpe:2.3:a:adobe:flash_player:7.0.25:*:*:*:*:*:*:* |
adobe | flash_player | 7.0.53.0 | cpe:2.3:a:adobe:flash_player:7.0.53.0:*:*:*:*:*:*:* |
googlechromereleases.blogspot.com/2011/09/stable-channel-update_20.html
lists.opensuse.org/opensuse-security-announce/2011-09/msg00025.html
secunia.com/advisories/48308
www.adobe.com/support/security/bulletins/apsb11-26.html
www.redhat.com/support/errata/RHSA-2011-1333.html
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14050
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15272