CVE-2014-5315: XSS
First published: Fri Sep 26 2014(Updated: )
Cross-site scripting (XSS) vulnerability in the Help page in Adobe Acrobat 9.5.2 and earlier and ColdFusion 8.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Credit: vultures@jpcert.or.jp
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Adobe ColdFusion | <=8.0.1 | |
| Adobe ColdFusion | =8.0 | |
| Adobe Acrobat Reader | <=9.5.2 | |
| Adobe Acrobat Reader | =9.0 | |
| Adobe Acrobat Reader | =9.1 | |
| Adobe Acrobat Reader | =9.1.1 | |
| Adobe Acrobat Reader | =9.1.2 | |
| Adobe Acrobat Reader | =9.1.3 | |
| Adobe Acrobat Reader | =9.2 | |
| Adobe Acrobat Reader | =9.3 | |
| Adobe Acrobat Reader | =9.3.1 | |
| Adobe Acrobat Reader | =9.3.2 | |
| Adobe Acrobat Reader | =9.3.3 | |
| Adobe Acrobat Reader | =9.3.4 | |
| Adobe Acrobat Reader | =9.4 | |
| Adobe Acrobat Reader | =9.4.1 | |
| Adobe Acrobat Reader | =9.4.2 | |
| Adobe Acrobat Reader | =9.4.3 | |
| Adobe Acrobat Reader | =9.4.4 | |
| Adobe Acrobat Reader | =9.4.5 | |
| Adobe Acrobat Reader | =9.4.6 | |
| Adobe Acrobat Reader | =9.4.7 | |
| Adobe Acrobat Reader | =9.5 | |
| Adobe Acrobat Reader | =9.5.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability associated with CVE-2014-5315?
CVE-2014-5315 is a cross-site scripting (XSS) vulnerability in Adobe Acrobat 9.5.2 and earlier as well as ColdFusion 8.0.1 and earlier, allowing remote attackers to inject arbitrary web script or HTML.
What is the severity of CVE-2014-5315?
The severity of CVE-2014-5315 is considered high due to its potential for exploitation by remote attackers to execute malicious scripts.
How do I fix CVE-2014-5315?
To fix CVE-2014-5315, it is recommended to update Adobe Acrobat to version 9.5.3 or later and ColdFusion to version 8.0.2 or later.
Who is affected by CVE-2014-5315?
CVE-2014-5315 affects users running Adobe Acrobat 9.5.2 or earlier and ColdFusion 8.0.1 or earlier.
Is there a workaround for CVE-2014-5315?
A temporary workaround for CVE-2014-5315 would be to limit access to the affected applications or disable JavaScript execution until a patch is applied.
- agent/references
- agent/type
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/severity
- agent/author
- agent/weakness
- agent/softwarecombine
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/tags
- agent/event
- agent/first-publish-date
- agent/source
- vendor/adobe
- canonical/adobe coldfusion
- version/adobe coldfusion/8.0.1
- version/adobe coldfusion/8.0
- canonical/adobe acrobat reader
- version/adobe acrobat reader/9.5.2
- version/adobe acrobat reader/9.0
- version/adobe acrobat reader/9.1
- version/adobe acrobat reader/9.1.1
- version/adobe acrobat reader/9.1.2
- version/adobe acrobat reader/9.1.3
- version/adobe acrobat reader/9.2
- version/adobe acrobat reader/9.3
- version/adobe acrobat reader/9.3.1
- version/adobe acrobat reader/9.3.2
- version/adobe acrobat reader/9.3.3
- version/adobe acrobat reader/9.3.4
- version/adobe acrobat reader/9.4
- version/adobe acrobat reader/9.4.1
- version/adobe acrobat reader/9.4.2
- version/adobe acrobat reader/9.4.3
- version/adobe acrobat reader/9.4.4
- version/adobe acrobat reader/9.4.5
- version/adobe acrobat reader/9.4.6
- version/adobe acrobat reader/9.4.7
- version/adobe acrobat reader/9.5
- version/adobe acrobat reader/9.5.1