Cross-site Scripting (XSS) Affecting acroread-plugin package, versions <0:9.4.2-3.el6_0


Severity

Recommended
critical

Based on CentOS security rating.

Threat Intelligence

EPSS
0.3% (70th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk Learn

Learn about Cross-site Scripting (XSS) vulnerabilities in an interactive lesson.

Start learning
  • Snyk IDSNYK-CENTOS6-ACROREADPLUGIN-2042635
  • published26 Jul 2021
  • disclosed8 Feb 2011

Introduced: 8 Feb 2011

CVE-2011-0604  (opens in a new tab)
CWE-79  (opens in a new tab)

How to fix?

Upgrade Centos:6 acroread-plugin to version 0:9.4.2-3.el6_0 or higher.

NVD Description

Note: Versions mentioned in the description apply only to the upstream acroread-plugin package and not the acroread-plugin package as distributed by Centos. See How to fix? for Centos:6 relevant fixed versions and status.

Cross-site scripting (XSS) vulnerability in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2011-0587.

CVSS Scores

version 3.1