0 Replies Latest reply on Jan 21, 2016 2:35 AM by arnab_ray

    DOM Based Cross-Site Scripting in Adobe Flex 3.5B




      A recent security scan in our organisation revealed that ac_oetags.js file included in Flex SDK 3.5B, dynamically generates vulnerable lines of script. As a result, it makes the application prone to DOM Based Cross-Site Scripting.


      Flex SDK Version: 3.5B

      File: ac_oetags.js

      Function: AC_Generateobj

      Line Number: 162

      CVSS Score: 7.5

      Severity: High


      Any suggestions/fixes for the vulnerability would be welcomed.



      Arnab Ray