CVE-2016-1036: XSS
First published: Fri Apr 22 2016(Updated: )
Cross-site scripting (XSS) vulnerability in Adobe Analytics AppMeasurement for Flash Library before 4.0.1, when debugTracking is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Credit: psirt@adobe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Adobe Analytics AppMeasurement for Flash Library | <=4.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2016-1036?
CVE-2016-1036 is considered a medium severity vulnerability due to its potential to allow cross-site scripting attacks.
How do I fix CVE-2016-1036?
To fix CVE-2016-1036, update the Adobe Analytics AppMeasurement for Flash Library to version 4.0.1 or later.
What types of attacks can CVE-2016-1036 lead to?
CVE-2016-1036 can lead to cross-site scripting attacks that allow remote attackers to inject malicious web scripts or HTML.
Which versions of Adobe Analytics AppMeasurement for Flash Library are affected by CVE-2016-1036?
CVE-2016-1036 affects Adobe Analytics AppMeasurement for Flash Library versions prior to 4.0.1 when debugTracking is enabled.
Is CVE-2016-1036 a critical vulnerability?
CVE-2016-1036 is not classified as critical, but it is important to address due to the risks associated with XSS attacks.
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/author
- agent/weakness
- agent/tags
- agent/severity
- agent/event
- agent/description
- agent/first-publish-date
- agent/source
- vendor/adobe
- canonical/adobe analytics appmeasurement for flash library
- version/adobe analytics appmeasurement for flash library/4.0