Wednesday, September 7, 2011

Several XSS inside Adobe website

All flaws were reported 2 months ago and are still alive today!

Proof of Concept:

Note: This is a proof of concept and it doesn't reflect the views or interests of the above website!

On June 20th I received an email response from Adobe:

cc Adobe PSIRT
date June 20, 2011, 23:24
subject Re: Adobe product security vulnerability feedback form

Thank you very much for the report and proof-of-concepts. We are looking into it now, and will let you know if we have any questions. In the meantime, we ask that you do not publicly disclose this potential issue, in order to protect Adobe's customers.

We appreciate your discretion and cooperation. We will get back to you soon. Please let us know if you have any questions.

Thank you again,

Adobe Product Security Incident Response Team

More than 2 months have passed and still nothing, so I decided to disclose this....


Anonymous said...

Here, one more:

Luis Santana said...

Nice find. I've run into a lot of times where similar situations have happened to me. For example:;%3C/script%3E&sort=none

I reported this in my blog June 16th 2010 and it's still vuln over a year later (link to blog post is at )

Sadly it seems that some people just don't care about site security.

gem1210 said...
xss postdata "/>alert(document.cookie);


d3v1l said...

have much more... shame!