Flash File Cross-Site Scripting Vulnerabilities

US-CERT is aware of reported vulnerabilities in Flash (SWF) files that may allow a remote, unauthenticated attacker to conduct cross-site scripting attacks on a vulnerable system. The flaws exist in the way that input is validated when passed to embedded ActionScript and JavaScript in the SWF file. Authoring tools that automatically generate Flash files may introduce these vulnerabilities.
 
More information regarding these vulnerabilities can be found in: