CVE-2015-1773

Name
CVE-2015-1773
Description
Cross-site scripting (XSS) vulnerability in asdoc/templates/index.html in Apache Flex before 4.14.1 allows remote attackers to inject arbitrary web script or HTML by providing a crafted URI to JavaScript code generated by the asdoc component.
NVD Severity
unknown
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
BUGTRAQ http://seclists.org/bugtraq/2015/Apr/42
CONFIRM https://helpx.adobe.com/security/products/flex/apsb15-08.html
SECTRACK http://www.securitytracker.com/id/1032107
BID http://www.securityfocus.com/bid/73954

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:apache:flex:*:*:*:*:*:*:*:* flex >= None <= 4.14.0

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
flex edge-main 2.6.4-r2 Natanael Copa <ncopa@alpinelinux.org> fixed
flex 3.14-main 2.6.4-r2 Natanael Copa <ncopa@alpinelinux.org> fixed
flex 3.13-main 2.6.4-r2 Natanael Copa <ncopa@alpinelinux.org> fixed
flex 3.12-main 2.6.4-r2 Natanael Copa <ncopa@alpinelinux.org> fixed
flex 3.11-main 2.6.4-r2 Natanael Copa <ncopa@alpinelinux.org> fixed
flex 3.15-main 2.6.4-r2 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable