Adobe Acrobat Reader Plugin 7.0.x - 'acroreader' Cross-Site Scripting
| EKU-ID: 11067 | CVE: CVE-2007-0046 | OSVDB-ID: |
| Author: Stefano Di Paola | Published: 2007-01-05 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 11067 | CVE: CVE-2007-0046 | OSVDB-ID: |
| Author: Stefano Di Paola | Published: 2007-01-05 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
# Stefano Di Paola # http://www.wisec.it/ From Secunia: Input passed to a hosted PDF file is not properly sanitised by the browser plug-in before being returned to users. This can be exploited to execute arbitrary script code in a user's browser session in context of an affected site. Example: - http://[host]/[filename].pdf#[some text]=javascript:[code] # milw0rm.com [2007-01-05]