CVE-2011-2461

Adobe Flex SDK - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in the Adobe Flex SDK 3.x and 4.x before 4.6 allows remote attackers to inject arbitrary web script or HTML via vectors related to the loading of modules from different domains.

Exploits (3)

nomisec SCANNER 48 stars
by ikkisoft · poc
https://github.com/ikkisoft/ParrotNG
nomisec WRITEUP
by edmondscommerce · poc
https://github.com/edmondscommerce/CVE-2011-2461_Magento_Patch
nomisec WRITEUP
by u-maxx · poc
https://github.com/u-maxx/magento-swf-patched-CVE-2011-2461

References (7)

Scores

EPSS 0.0352
EPSS Percentile 87.5%

Classification

CWE
CWE-79
Status published

Affected Products (15)

adobe/flex_sdk
adobe/flex_sdk
adobe/flex_sdk
adobe/flex_sdk
adobe/flex_sdk
adobe/flex_sdk
adobe/flex_sdk
adobe/flex_sdk
adobe/flex_sdk
adobe/flex_sdk
adobe/flex_sdk
adobe/flex_sdk
adobe/flex_sdk
adobe/flex_sdk
n/a/n/a

Timeline

Published Dec 01, 2011
Tracked Since Feb 18, 2026