Adobe » Flash Player : Security Vulnerabilities, CVEs, Published In 2007 (XSS) CVSS score >= 3
Multiple cross-site scripting (XSS) vulnerabilities in Adobe Flash Player 9.x up to 9.0.48.0 and 8.x up to 8.0.35.0 allow remote attackers to inject arbitrary web script or HTML via (1) a SWF file that uses the asfunction: protocol or (2) the navigateToURL function when used with the Flash Player ActiveX Control in Internet Explorer.
Max CVSS
4.3
EPSS Score
96.26%
Published
2007-12-20
Updated
2018-10-30
Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up to 7.0.70.0 does not sufficiently restrict the interpretation and usage of cross-domain policy files, which makes it easier for remote attackers to conduct cross-domain and cross-site scripting (XSS) attacks.
Max CVSS
9.3
EPSS Score
2.95%
Published
2007-12-20
Updated
2017-09-29
2 vulnerabilities found