Advisory Adobe LiveCycle Workflow XSS Vulnerability

Credit: Dave Lewis
Risk: Low
Local: No
Remote: Yes

CVSS Base Score: 4.3/10
Impact Subscore: 2.9/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: No required
Confidentiality impact: None
Integrity impact: Partial
Availability impact: None

Summary Name: Adobe LiveCycle Workflow XSS Vulnerability Release Date: 11 March 2008 Reference: LSD002-2008 CVE Number: CVE-2008-1202 Discover: Dave Lewis Vendor: Adobe Systems Product: LiveCycle Workflow 6.2 Management Web Interface Systems Affected: version 6.2 (as tested) NB. Other versions may be affected. Risk: Important Status: Published Reference: 1) kflow-xss-vulnerability/ 2) Time Line Discovered: 16 January 2008 Reported: 16 January 2008 Fixed: 5 March 2008 Patch Release: 11 March 2008 Published: 11 March 2008 Description The Adobe LiveCycle Workflow management login page contains a vulnerability which is susceptible to a cross site scripting (XSS) attack. Impact: a remote attacker could execute a XSS attack that could pass arbitrary html to the user and capture usernames/passwords. Technical Details Input passed to the URL of the web management login page is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user?s browser session in context of an affected site. Fix Information This issue has been resolved. The patch may be obtained from: Liquidmatrix Security Digest 2255B Queen Street East suite 156 Toronto, Ontario Canada M4E 1G3

Vote for this issue:


Thanks for you vote!


Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2021,


Back to Top