CVE-2012-0767
Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and...
Basic Information
- CVE State
- PUBLISHED
- Reserved Date
- January 18, 2012
- Published Date
- February 16, 2012
- Last Updated
- February 04, 2025
- Vendor
- n/a
- Product
- n/a
- Description
- Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Universal XSS (UXSS)," as exploited in the wild in February 2012.
CVSS Scores
CVSS v3.1
6.1 - MEDIUM
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
SSVC Information
- Exploitation
- active
- Technical Impact
- partial
Exploit Status
- Exploited in the Wild
- Yes (added 2022-06-08 00:00:00 UTC) Source
References
http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00014.html
http://security.gentoo.org/glsa/glsa-201204-07.xml
http://secunia.com/advisories/48265
http://www.adobe.com/support/security/bulletins/apsb12-03.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14806
http://rhn.redhat.com/errata/RHSA-2012-0144.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15933
http://secunia.com/advisories/48819
Known Exploited Vulnerability Information
| Source | Added Date |
|---|---|
| CISA | 2022-06-08 00:00:00 UTC |