Vulnerability Details : CVE-2010-2179
Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, when Firefox or Chrome is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to URL parsing.
Vulnerability category: Cross site scripting (XSS)
Exploit prediction scoring system (EPSS) score for CVE-2010-2179
Probability of exploitation activity in the next 30 days: 0.30%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 66 %
CVSS scores for CVE-2010-2179
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N | 8.6 | 2.9 | NIST |
CWE ids for CVE-2010-2179
- The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. Assigned by: nvd@nist.gov (Primary)
References for CVE-2010-2179
- http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html
  [security-announce] SUSE Security Summary Report: SUSE-SR:2010:013 [Third Party Advisory]
- http://www.vupen.com/english/advisories/2010/1453
  [Broken Link]
- http://www.vupen.com/english/advisories/2010/1793
  [Broken Link]
- http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751
  [Third Party Advisory]
- http://www.vupen.com/english/advisories/2010/1432
  [Broken Link]
- http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html
  Apple - Lists.apple.com [Mailing List; Third Party Advisory]
- http://www.redhat.com/support/errata/RHSA-2010-0470.html
  Support [Broken Link; Third Party Advisory]
- http://securitytracker.com/id?1024085
  Adobe Flash Player Multiple Flaws Let Remote Users Execute Arbitary Code, Conduct Cross-Site Scripting Attacks, and Deny Service - SecurityTracker [Third Party Advisory; VDB Entry]
- http://security.gentoo.org/glsa/glsa-201101-09.xml
  Adobe Flash Player: Multiple vulnerabilities (GLSA 201101-09) - Gentoo security [Third Party Advisory]
- http://www.vupen.com/english/advisories/2010/1482
  [Broken Link]
- https://exchange.xforce.ibmcloud.com/vulnerabilities/59328
  Adobe Flash Player and Air URL cross-site scripting CVE-2010-2179 Vulnerability Report [Third Party Advisory; VDB Entry]
- http://www.us-cert.gov/cas/techalerts/TA10-162A.html
  Adobe Flash and AIR Vulnerabilities | CISA [Third Party Advisory; US Government Resource]
- http://support.apple.com/kb/HT4435
  [Broken Link]
- http://www.vupen.com/english/advisories/2010/1522
  [Broken Link]
- http://www.vupen.com/english/advisories/2010/1434
  [Broken Link]
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7126
  Repository / Oval Repository [Broken Link]
- http://securitytracker.com/id?1024086
  Adobe AIR Multiple Flaws Let Remote Users Execute Arbitary Code, Conduct Cross-Site Scripting Attacks, and Deny Service - SecurityTracker [Broken Link; VDB Entry]
- http://www.redhat.com/support/errata/RHSA-2010-0464.html
  Support [Broken Link; Third Party Advisory]
- http://www.turbolinux.co.jp/security/2010/TLSA-2010-19j.txt
  [Broken Link]
- http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00000.html
  [security-announce] SUSE Security Announcement: flash player (SUSE-SA:20 [Third Party Advisory]
- http://www.securityfocus.com/bid/40808
  Adobe Flash Player and AIR URI Parsing Cross Domain Scripting Vulnerability [Broken Link; VDB Entry]
- http://www.securityfocus.com/bid/40759
  RETIRED: Adobe Flash Player 10.0.45.2 and AIR 1.5.3.9130 Multiple Remote Vulnerabilities [Broken Link; VDB Entry]
- http://www.vupen.com/english/advisories/2011/0192
  [Broken Link]
- http://www.vupen.com/english/advisories/2010/1421
  [Broken Link]
- http://www.adobe.com/support/security/bulletins/apsb10-14.html
  Adobe - Security Bulletins: APSB10-14 Security update available for Adobe Flash Player [Broken Link; Patch; Third Party Advisory; Vendor Advisory]
Products affected by CVE-2010-2179
- cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:air:*:*:*:*:*:*:*:*