OkCupid: Rosetta flash vulnerability in clientstats AJAX script

An ajax script on the main okcupid.com domain allows an attacker to set an arbitrary callback function name, allowing exploitation of the Rosetta Flash vulnerability to steal any data from the victim's account. Note that the vulnerability exploits an issue with Flash which was fixed in 14.0.0.176...