Description
Cross-site scripting (XSS) vulnerability in the Adobe Flex SDK 3.x and 4.x before 4.6 allows remote attackers to inject arbitrary web script or HTML via vectors related to the loading of modules from different domains.
Exploits (3)
nomisec
WRITEUP
by edmondscommerce · poc
https://github.com/edmondscommerce/CVE-2011-2461_Magento_Patch
References (7)
Core 7
Core References
Various Sources x_refsource_misc
https://threatpost.com/adobe-cve-2011-2461-remains-exploitable-four-years-after-patch/111754
Vendor Advisory x_refsource_confirm
http://www.adobe.com/support/security/bulletins/apsb11-25.html
Exploit x_refsource_misc
http://packetstormsecurity.com/files/131376/Magento-eCommerce-Vulnerable-Adobe-Flex-SDK.html
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/47053
Various Sources x_refsource_misc
http://blog.mindedsecurity.com/2015/03/the-old-is-new-again-cve-2011-2461-is.html
Various Sources x_refsource_confirm
http://kb2.adobe.com/cps/915/cpsid_91544.html
Various Sources x_refsource_misc
http://blog.nibblesec.org/2015/03/the-old-is-new-again-cve-2011-2461-is.html
Scores
EPSS
0.0107
EPSS Percentile
77.8%
Details
CWE
CWE-79
Status
published
Products (14)
adobe/flex_sdk
3.0
adobe/flex_sdk
3.0.1
adobe/flex_sdk
3.1
adobe/flex_sdk
3.2
adobe/flex_sdk
3.3
adobe/flex_sdk
3.4
adobe/flex_sdk
3.4.1
adobe/flex_sdk
3.5
adobe/flex_sdk
3.5a
adobe/flex_sdk
3.6
... and 4 more
Published
Dec 01, 2011
Tracked Since
Feb 18, 2026