← Back

CVE-2014-0531

nvd nist
Published: Jun 11, 2014Modified: May 6, 2026

JSON object

Loading...
4.3
Vector
AV:N/AC:M/Au:N/C:N/I:P/A:N
Exploitability: 8.6 / Impact: 2.9
Source: NVD

Description

Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 13.0.0.223 and 14.x before 14.0.0.125 on Windows and OS X and before 11.2.202.378 on Linux, Adobe AIR before 14.0.0.110, Adobe AIR SDK before 14.0.0.110, and Adobe AIR SDK & Compiler before 14.0.0.110 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-0532 and CVE-2014-0533.

Affected (35)

Adobe
3 products
Adobe Air
Flash Player
Adobe Air Sdk
Configuration A
2 vulnerable
Vulnerable SoftwareAffected Versions
Adobe
Adobe Air
Up to 13.0.0.111
Adobe Air
Version 13.0.0.83
Configuration B
4 vulnerable · 2 platform
Vulnerable SoftwareAffected Versions
Adobe
Flash Player
Up to 13.0.0.214
Flash Player
Version 13.0.0.182
Flash Player
Version 13.0.0.201
Flash Player
Version 13.0.0.206
Running on/withPlatform Versions
Apple
Mac Os X
All versions
Microsoft
Windows
All versions
Configuration C
2 vulnerable
Vulnerable SoftwareAffected Versions
Adobe
Adobe Air Sdk
Up to 13.0.0.111
Adobe Air Sdk
Version 13.0.0.83
Configuration D
27 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Adobe
Flash Player
Up to 11.2.202.359
Flash Player
Version 11.2.202.223
Flash Player
Version 11.2.202.228
Flash Player
Version 11.2.202.233
Flash Player
Version 11.2.202.235
Flash Player
Version 11.2.202.236
Flash Player
Version 11.2.202.238
Flash Player
Version 11.2.202.243
Flash Player
Version 11.2.202.251
Flash Player
Version 11.2.202.258
Flash Player
Version 11.2.202.261
Flash Player
Version 11.2.202.262
Flash Player
Version 11.2.202.270
Flash Player
Version 11.2.202.273
Flash Player
Version 11.2.202.275
Flash Player
Version 11.2.202.280
Flash Player
Version 11.2.202.285
Flash Player
Version 11.2.202.291
Flash Player
Version 11.2.202.297
Flash Player
Version 11.2.202.310
Flash Player
Version 11.2.202.332
Flash Player
Version 11.2.202.335
Flash Player
Version 11.2.202.336
Flash Player
Version 11.2.202.341
Flash Player
Version 11.2.202.346
Flash Player
Version 11.2.202.350
Flash Player
Version 11.2.202.356
Running on/withPlatform Versions
Linux
Linux Kernel
All versions

Related CWEs

CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (26)

Source: psirt@adobe.com
PatchVendor Advisory
Source: psirt@adobe.com
Source: psirt@adobe.com
Source: psirt@adobe.com
Source: psirt@adobe.com
Source: psirt@adobe.com
Source: psirt@adobe.com
Source: psirt@adobe.com
Source: psirt@adobe.com
Source: psirt@adobe.com
Source: psirt@adobe.com
Source: psirt@adobe.com
Source: psirt@adobe.com
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.