CVE-2011-2461

CVE Database · CVE-2011-2461

CVE-2011-2461

· N/AModified

CVSS v3.1

N/A

EPSS

7.97%

Published

Dec 1, 2011

Modified

Apr 28, 2026

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Cross-site scripting (XSS) vulnerability in the Adobe Flex SDK 3.x and 4.x before 4.6 allows remote attackers to inject arbitrary web script or HTML via vectors related to the loading of modules from different domains.

Weaknesses (CWE)

CWE-79

Affected Products (14)

adobe · flex_sdkvulnerable

· flex_sdk

References (14)

http://blog.mindedsecurity.com/2015/03/the-old-is-new-again-cve-2011-2461-is.html

http://blog.nibblesec.org/2015/03/the-old-is-new-again-cve-2011-2461-is.html

http://kb2.adobe.com/cps/915/cpsid_91544.html

http://packetstormsecurity.com/files/131376/Magento-eCommerce-Vulnerable-Adobe-Flex-SDK.html

Exploit

http://secunia.com/advisories/47053

http://www.adobe.com/support/security/bulletins/apsb11-25.html

Vendor Advisory

https://threatpost.com/adobe-cve-2011-2461-remains-exploitable-four-years-after-patch/111754

http://blog.mindedsecurity.com/2015/03/the-old-is-new-again-cve-2011-2461-is.html

http://blog.nibblesec.org/2015/03/the-old-is-new-again-cve-2011-2461-is.html

KEV Catalog EPSS Scores Vendors All CVEs