I though it was a thing of the past. If you use embedded flash files on your Site, you should read How Embedded Flaws in Flash Files Allow for Cross Site Scripting Attacks:

An attacker can carry out cross-site scripting (XSS) attacks on a vulnerable system through newly disclosed vulnerabilities in Shockwave Flash (SWF) files.

The flaws, which can be found by the thousand via search engine, are caused by an error in the way that input is validated when passed to embedded ActionScript and JavaScript in Flash files, according to the US-CERT, which warned about the issue in an advisory updated today.

Websites hosting vulnerable Flash files are exploitable by an XSS attack in the context of the domain hosting the vulnerable file, as well as attacks that spoof or modify online content, according to the cybersecurity division of the U.S. Department of Homeland Security.



Return to Home