A Researcher has discovered Reflected Cross site scripting(XSS) vulnerability in the official website of Adobe Systems Incorporated and submitted the vulnerability to Secureless.
According to the researcher, the vulnerability has been reported few months ago but there is no response from Adobe.
The 'adobe.com/events/main.jsp?month=' found to be vulnerable to reflected or non-persistent XSS security flaw. Researcher managed to execute the javascript by injecting the script in the month parameter.
The Poc and exploit details has been archived here:
http://secureless.org/vulnerability/2440/The vulnerability allows a cyber criminal to launch phishing attack , session hijacking, redirecting to malicious sites and more. At the time of writing, The vulnerability is still there.
*Update 1* Today, we got response from Adobe Security Team that they are researching the bug and will fix it soon.
*Update 2 * (12 Dec) The vulnerability has been fixed.
