0 Replies Latest reply on Jan 21, 2016 2:35 AM by arnab_ray

    DOM Based Cross-Site Scripting in Adobe Flex 3.5B

    arnab_ray

      Hi,

       

      A recent security scan in our organisation revealed that ac_oetags.js file included in Flex SDK 3.5B, dynamically generates vulnerable lines of script. As a result, it makes the application prone to DOM Based Cross-Site Scripting.

       

      Flex SDK Version: 3.5B

      File: ac_oetags.js

      Function: AC_Generateobj

      Line Number: 162

      CVSS Score: 7.5

      Severity: High

       

      Any suggestions/fixes for the vulnerability would be welcomed.

       

      Thanks,

      Arnab Ray