CVE-2011-2107

medium

Description

Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 10.3.181.22 on Windows, Mac OS X, Linux, and Solaris, and 10.3.185.22 and earlier on Android, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to a "universal cross-site scripting vulnerability."

References

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13762

https://hermes.opensuse.org/messages/8704566

https://exchange.xforce.ibmcloud.com/vulnerabilities/67838

http://www.securitytracker.com/id?1025658

http://www.securitytracker.com/id?1025603

http://www.securityfocus.com/bid/48107

http://www.redhat.com/support/errata/RHSA-2011-0850.html

http://www.blackberry.com/btsc/KB27240

http://www.adobe.com/support/security/bulletins/apsb11-13.html

http://secunia.com/advisories/48308

http://secunia.com/advisories/44946

http://secunia.com/advisories/44872

http://secunia.com/advisories/44871

http://secunia.com/advisories/44847

http://secunia.com/advisories/44846

http://googlechromereleases.blogspot.com/2011/06/stable-channel-update.html

Details

Source: Mitre, NVD

Published: 2011-06-09

Updated: 2018-10-30

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 6.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Severity: Medium