vendor:
Flash Player
by:
Unknown
7.5
CVSS
HIGH
Cross-Site Scripting (XSS)
79
CWE
Product Name: Flash Player
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: YES
Related CWE: Unknown
CPE: a:adobe:flash_player
Platforms Tested: Windows, Mac, Linux
Unknown
Adobe Flash Player Cross-Site Scripting Vulnerability
The Adobe Flash Player application fails to properly sanitize user-supplied input, allowing an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can lead to the theft of cookie-based authentication credentials and enable other attacks.
Mitigation:
Adobe has released a security update to address this vulnerability. Users are advised to update to the latest version of Adobe Flash Player.