CVE-2008-6062

CVE Database · CVE-2008-6062

CVE-2008-6062

· N/AModified

CVSS v3.1

N/A

EPSS

1.66%

Published

Feb 4, 2009

Modified

Apr 22, 2026

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Cross-site scripting (XSS) vulnerability in ActionScript in arbitrary Shockwave Flash (SWF) files created by Adobe Dreamweaver, when the Insert Flash Video feature is used, allows remote attackers to inject arbitrary web script or HTML via an asfunction: URI in the skinName parameter. NOTE: this may overlap CVE-2007-6242, CVE-2007-6244, or CVE-2007-6637.

Weaknesses (CWE)

CWE-79

Affected Products (1)

adobe · dreamweavervulnerable

References (8)

http://docs.google.com/View?docid=ajfxntc4dmsq_14dt57ssdw

http://www.adobe.com/support/security/bulletins/apsb07-20.html

PatchVendor Advisory

http://www.kb.cert.org/vuls/id/249337

US Government Resource

http://www.securityfocus.com/archive/1/485722/100/100/threaded