4.3

CVE-2014-0562

Cross-site scripting (XSS) vulnerability in Adobe Reader and Acrobat 10.x before 10.1.12 and 11.x before 11.0.09 on OS X allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Universal XSS (UXSS)."

Data is provided by the National Vulnerability Database (NVD)
AdobeAcrobat Reader Version10.0
   ApplemacOS X
   MicrosoftWindows
AdobeAcrobat Reader Version10.0.1
   ApplemacOS X
   MicrosoftWindows
AdobeAcrobat Reader Version10.0.2
   ApplemacOS X
   MicrosoftWindows
AdobeAcrobat Reader Version10.0.3
   ApplemacOS X
   MicrosoftWindows
AdobeAcrobat Reader Version10.1
   ApplemacOS X
   MicrosoftWindows
AdobeAcrobat Reader Version10.1.1
   ApplemacOS X
   MicrosoftWindows
AdobeAcrobat Reader Version10.1.2
   ApplemacOS X
   MicrosoftWindows
AdobeAcrobat Reader Version10.1.3
   ApplemacOS X
   MicrosoftWindows
AdobeAcrobat Reader Version10.1.4
   ApplemacOS X
   MicrosoftWindows
AdobeAcrobat Reader Version10.1.5
   ApplemacOS X
   MicrosoftWindows
AdobeAcrobat Reader Version10.1.6
   ApplemacOS X
   MicrosoftWindows
AdobeAcrobat Reader Version10.1.7
   ApplemacOS X
   MicrosoftWindows
AdobeAcrobat Reader Version10.1.8
   ApplemacOS X
   MicrosoftWindows
AdobeAcrobat Reader Version10.1.9
   ApplemacOS X
   MicrosoftWindows
AdobeAcrobat Reader Version10.1.10
   ApplemacOS X
   MicrosoftWindows
AdobeAcrobat Reader Version10.1.11
   ApplemacOS X
   MicrosoftWindows
AdobeAcrobat Reader Version11.0
   ApplemacOS X
   MicrosoftWindows
AdobeAcrobat Reader Version11.0.1
   ApplemacOS X
   MicrosoftWindows
AdobeAcrobat Reader Version11.0.2
   ApplemacOS X
   MicrosoftWindows
AdobeAcrobat Reader Version11.0.3
   ApplemacOS X
   MicrosoftWindows
AdobeAcrobat Reader Version11.0.4
   ApplemacOS X
   MicrosoftWindows
AdobeAcrobat Reader Version11.0.5 Update- SwPlatformwindows
   ApplemacOS X
   MicrosoftWindows
AdobeAcrobat Reader Version11.0.6
   ApplemacOS X
   MicrosoftWindows
AdobeAcrobat Reader Version11.0.7
   ApplemacOS X
   MicrosoftWindows
AdobeAcrobat Reader Version11.0.8
   ApplemacOS X
   MicrosoftWindows
AdobeAcrobat Version10.0
   ApplemacOS X
   MicrosoftWindows
AdobeAcrobat Version10.0 Update- Editionpro
   ApplemacOS X
   MicrosoftWindows
AdobeAcrobat Version10.0.1
   ApplemacOS X
   MicrosoftWindows
AdobeAcrobat Version10.0.1 Update- Editionpro
   ApplemacOS X
   MicrosoftWindows
AdobeAcrobat Version10.0.2
   ApplemacOS X
   MicrosoftWindows
AdobeAcrobat Version10.0.3
   ApplemacOS X
   MicrosoftWindows
AdobeAcrobat Version10.1
   ApplemacOS X
   MicrosoftWindows
AdobeAcrobat Version10.1.1
   ApplemacOS X
   MicrosoftWindows
AdobeAcrobat Version10.1.2
   ApplemacOS X
   MicrosoftWindows
AdobeAcrobat Version10.1.3
   ApplemacOS X
   MicrosoftWindows
AdobeAcrobat Version10.1.4
   ApplemacOS X
   MicrosoftWindows
AdobeAcrobat Version10.1.5
   ApplemacOS X
   MicrosoftWindows
AdobeAcrobat Version10.1.6
   ApplemacOS X
   MicrosoftWindows
AdobeAcrobat Version10.1.7
   ApplemacOS X
   MicrosoftWindows
AdobeAcrobat Version10.1.8
   ApplemacOS X
   MicrosoftWindows
AdobeAcrobat Version10.1.9
   ApplemacOS X
   MicrosoftWindows
AdobeAcrobat Version10.1.10
   ApplemacOS X
   MicrosoftWindows
AdobeAcrobat Version10.1.11
   ApplemacOS X
   MicrosoftWindows
AdobeAcrobat Version11.0
   ApplemacOS X
   MicrosoftWindows
AdobeAcrobat Version11.0.1
   ApplemacOS X
   MicrosoftWindows
AdobeAcrobat Version11.0.2
   ApplemacOS X
   MicrosoftWindows
AdobeAcrobat Version11.0.3
   ApplemacOS X
   MicrosoftWindows
AdobeAcrobat Version11.0.4
   ApplemacOS X
   MicrosoftWindows
AdobeAcrobat Version11.0.5 Update- SwPlatformwindows
   ApplemacOS X
   MicrosoftWindows
AdobeAcrobat Version11.0.6
   ApplemacOS X
   MicrosoftWindows
AdobeAcrobat Version11.0.7
   ApplemacOS X
   MicrosoftWindows
AdobeAcrobat Version11.0.8
   ApplemacOS X
   MicrosoftWindows
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.57% 0.677
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:P/A:N
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.