Search This Blog

Powered by Blogger.

Blog Archive

Labels

Cross site scripting Vulnerability in Adobe website

A Researcher has discovered Reflected Cross site scripting(XSS) vulnerability in the official website of Adobe Systems Incorporated and submitted the vulnerability to Secureless.

A Researcher has discovered Reflected Cross site scripting(XSS) vulnerability in the official website of Adobe Systems Incorporated and submitted the vulnerability to Secureless.

According to the researcher, the vulnerability has been reported few months ago but there is no response from Adobe.

The  'adobe.com/events/main.jsp?month=' found to be vulnerable to reflected or non-persistent XSS security flaw.  Researcher managed to execute the javascript by injecting the script in the month parameter.

adobe xss vulnerability

The Poc and exploit details has been archived here:
http://secureless.org/vulnerability/2440/
The vulnerability allows a cyber criminal to launch phishing attack , session hijacking, redirecting to malicious sites and more. At the time of writing, The vulnerability is still there.

*Update 1* Today, we got response from Adobe Security Team that they are researching the bug and will fix it soon.

*Update 2 * (12 Dec) The vulnerability has been fixed.
Share it:

Adobe Hacks

Breaking News

IT Security News

Reflected Cross Site scripting

Vulnerability

XSS Vulnerability