Cross-site scripting (XSS) vulnerability in Adobe Reader before 9.4.2 (Linux)ID: oval:org.secpod.oval:def:380 | Date: (C)2011-03-11 (M)2022-10-10 |
Class: VULNERABILITY | Family: unix |
The host is installed with Adobe Reader and is prone to cross-site scripting (XSS) vulnerability. A flaw is present in Adobe Reader before 9.4.2, which is caused by improper validation of user-supplied input, when an unspecified parameter in a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. Successful exploitation allows attacker to steal the victim's cookie-based authentication credentials.