Support
Eng
òÕÓ
Company
Home
Services
Solutions
Documentation
News and Events
 
 
 
Knowledgebase
Downloads
Glossary
Ask a Question
Search:     Advanced search
SHALB.com / Security Knowledgebase / Network Security / CGI abuses XSS / Adobe Flex History Management Cross-Site Scripting
server monitoring

Adobe Flex History Management Cross-Site Scripting
Article ID: 33220
Last updated: 27 Jan, 2009
Print
Email to friend
Views: 652
Posted: 22 Jan, 2009
by: Tech Pubs S.
Updated: 27 Jan, 2009
by: Tech Pubs S.

Adobe Flex History Management Cross-Site Scripting
This script is Copyright (C) 2008 Tenable Network Security, Inc.

FamilyCGI abuses : XSS
Plugin ID33220
Bugtraq ID29778
CVE IDCVE-2008-2640

Description:

Synopsis :

The remote web server contains HTML documents that are affected by a
cross-site scripting vulnerability.

Description :

The remote host contains one or more HTML documents associated with
Adobe Flex 3s History Management Feature and affected by a DOM-based
cross-site scripting vulnerability. Due to its failure to sanitize
user input, an attacker may be able to leverage this issue to inject
arbitrary HTML and script code into a users browser to be executed
within the security context of the affected site, possibly by using
JavaScript code flow manipulation techniques.

See also :

http://blog.watchfire.com/wfblog/2008/06/javascript-code.html
http://www.adobe.com/support/security/bulletins/apsb08-14.html

Solution :

Replace the affected file(s) with an instance of historyFrame.html
from the Flex 3.0.2 update as discussed in the vendor advisory above.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)
This article was:   Helpful | Not Helpful
Prev   Next
JAWS HTML injection vulnerabilities     IMP Content-Type XSS Vulnerability

server monitoring

¿ 2010 "SHALB.com" All rights reserved
SHALB Home
Services
Solutions
Documentation
News and Events