CVE-2011-2461

N/A Unknown

Published: December 01, 2011 Modified: April 29, 2026

Description

Cross-site scripting (XSS) vulnerability in the Adobe Flex SDK 3.x and 4.x before 4.6 allows remote attackers to inject arbitrary web script or HTML via vectors related to the loading of modules from different domains.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://blog.mindedsecurity.com/2015/03/the-old-is-new-again-cve-2011-2461-is.html

Source: psirt@adobe.com

http://blog.nibblesec.org/2015/03/the-old-is-new-again-cve-2011-2461-is.html

Source: psirt@adobe.com

http://kb2.adobe.com/cps/915/cpsid_91544.html

Source: psirt@adobe.com

http://packetstormsecurity.com/files/131376/Magento-eCommerce-Vulnerable-Adobe-Flex-SDK.html

Source: psirt@adobe.com

Exploit

http://secunia.com/advisories/47053

Source: psirt@adobe.com

http://www.adobe.com/support/security/bulletins/apsb11-25.html

Source: psirt@adobe.com

Vendor Advisory

https://threatpost.com/adobe-cve-2011-2461-remains-exploitable-four-years-after-patch/111754

Source: psirt@adobe.com

http://blog.mindedsecurity.com/2015/03/the-old-is-new-again-cve-2011-2461-is.html