4.3
CVE-2014-0531
- EPSS 1.01%
- Published 11.06.2014 10:57:17
- Last modified 12.04.2025 10:46:40
- Source psirt@adobe.com
- Teams watchlist Login
- Open Login
Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 13.0.0.223 and 14.x before 14.0.0.125 on Windows and OS X and before 11.2.202.378 on Linux, Adobe AIR before 14.0.0.110, Adobe AIR SDK before 14.0.0.110, and Adobe AIR SDK & Compiler before 14.0.0.110 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-0532 and CVE-2014-0533.
Data is provided by the National Vulnerability Database (NVD)
Adobe ≫ Adobe Air Sdk Version <= 13.0.0.111
Adobe ≫ Adobe Air Sdk Version13.0.0.83
Adobe ≫ Flash Player Version <= 11.2.202.359
Adobe ≫ Flash Player Version11.2.202.223
Adobe ≫ Flash Player Version11.2.202.228
Adobe ≫ Flash Player Version11.2.202.233
Adobe ≫ Flash Player Version11.2.202.235
Adobe ≫ Flash Player Version11.2.202.236
Adobe ≫ Flash Player Version11.2.202.238
Adobe ≫ Flash Player Version11.2.202.243
Adobe ≫ Flash Player Version11.2.202.251
Adobe ≫ Flash Player Version11.2.202.258
Adobe ≫ Flash Player Version11.2.202.261
Adobe ≫ Flash Player Version11.2.202.262
Adobe ≫ Flash Player Version11.2.202.270
Adobe ≫ Flash Player Version11.2.202.273
Adobe ≫ Flash Player Version11.2.202.275
Adobe ≫ Flash Player Version11.2.202.280
Adobe ≫ Flash Player Version11.2.202.285
Adobe ≫ Flash Player Version11.2.202.291
Adobe ≫ Flash Player Version11.2.202.297
Adobe ≫ Flash Player Version11.2.202.310
Adobe ≫ Flash Player Version11.2.202.332
Adobe ≫ Flash Player Version11.2.202.335
Adobe ≫ Flash Player Version11.2.202.336
Adobe ≫ Flash Player Version11.2.202.341
Adobe ≫ Flash Player Version11.2.202.346
Adobe ≫ Flash Player Version11.2.202.350
Adobe ≫ Flash Player Version11.2.202.356
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.01% | 0.764 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:P/A:N
|
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.