Post XSS on Adobe.com

This was reported on October 20, 2012.

The first response I received was:

Hi there Anakorn,
Thank you very much for the report and proof-of-concept file.  We are looking into it now, and will let you know if we have any questions. In the meantime, we ask that you do not publicly disclose this potential issue, in order to protect Adobe's customers.  This has been assigned the Adobe tracking number 1398.
 
We appreciate your discretion and cooperation. Please let us know if you have any questions.
 
Thank you again,
Tasha
Adobe Product Security Incident Response Team

I did not receive any response after that from the Adobe team. I rechecked it again recently and found out that the URL no longer exists.
Vulnerable URL: https://www.adobe.com/cfusion/mmform/index.cfm?name=edu_rfi&promoid=KAZIX

Simply insert an XSS payload "><script>alert(1)</script> in the First name, Last name text boxes, etc.

What is weird is that it seems like it is fixed now, but I never received any more info about it from Adobe.
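
Added example, not from the original post and not Adobe's code: a sketch of why the "> prefix matters when a form echoes a submitted value back into a value="..." attribute without encoding, plus a regression check that the rendered markup gains no new tags. The field names, rendering functions and POST data are constructed assumptions; the post does not show the form's actual markup.

```python
import html
from html.parser import HTMLParser

# Constructed field names (assumption; not Adobe's markup).
FIELDS = ("first_name", "last_name")

def render_vulnerable(form):
    # Submitted values are concatenated into the value attribute as-is.
    return "".join(
        f'<input type="text" name="{f}" value="{form.get(f, "")}">' for f in FIELDS
    )

def render_escaped(form):
    # html.escape(quote=True) encodes & < > " ' so the value can neither
    # close the attribute nor open a new tag.
    return "".join(
        f'<input type="text" name="{f}" value="{html.escape(form.get(f, ""), quote=True)}">'
        for f in FIELDS
    )

class TagCollector(HTMLParser):
    """Records every start tag and the decoded value attribute of each input."""
    def __init__(self):
        super().__init__()
        self.tags, self.values = [], {}

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        if tag == "input":
            a = dict(attrs)
            self.values[a.get("name")] = a.get("value")

def audit(rendered, form):
    """Return (unexpected_tags, values_round_trip) for a rendered form."""
    p = TagCollector()
    p.feed(rendered)
    p.close()
    unexpected = [t for t in p.tags if t != "input"]
    round_trip = all(p.values.get(f) == form.get(f, "") for f in FIELDS)
    return unexpected, round_trip

# Constructed POST body: the payload quoted in the post plus a benign
# value containing characters that must survive encoding.
POSTED = {"first_name": '"><script>alert(1)</script>', "last_name": "O'Neil & Co"}

if __name__ == "__main__":
    print("vulnerable:", audit(render_vulnerable(POSTED), POSTED))
    print("escaped:   ", audit(render_escaped(POSTED), POSTED))
```

The round-trip check also confirms that encoding does not corrupt legitimate input such as names containing apostrophes or ampersands.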
