CVE Vulnerability

CVE-2008-2640

Multiple cross-site scripting (XSS) vulnerabilities in the Flex 3 History Management feature in Adobe Flex 3.0.1 SDK and Flex Builder 3, and generated applications, allow remote attackers to inject arbitrary web script or HTML via the anchor identifier to (1) client-side-detection-with-history/history/historyFrame.html, (2) express-installation-with-history/history/historyFrame.html, or (3) no-player-detection-with-history/history/historyFrame.html in templates/html-templates/. NOTE: Firefox 2.0 and possibly other browsers prevent exploitation.

4.3 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 8.6 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

Scope

References
Link Resource
http://blog.watchfire.com/wfblog/2008/06/javascript-code.html Exploit
http://www.adobe.com/support/security/bulletins/apsb08-14.html Patch
http://www.securityfocus.com/bid/29778 Patch
http://securitytracker.com/id?1020301
http://secunia.com/advisories/30746 Patch Vendor Advisory
http://www.vupen.com/english/advisories/2008/1862
https://exchange.xforce.ibmcloud.com/vulnerabilities/43150
Configurations

Configuration 1

cpe:2.3:a:adobe:flex_builder:3:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flex:3.0.1:*:sdk:*:*:*:*:*
Information

Published : 2008-06-18 07:41

Updated : 2017-08-08 01:31

NVD link : CVE-2008-2640

Mitre link : CVE-2008-2640

Products Affected
No products.
CWE
CWE-79