Automattic: https://polldaddy.com storage.swf XSS

Hi, I found a flash based XSS located here : https://polldaddy.com/swf/storage.swf?onload=alert1 It happends in the ExternalInterface.Call Function, when a parameter is inserted unfiltered it will allow XSS, you can patch it by only allowing : A-Z a-z 0-9 Best regards, Olivier Beg...

DEBIAN-CVE-2012-3414

Cross-site scripting XSS vulnerability in swfupload.swf in SWFUpload 2.2.0.1 and earlier, as used in WordPress before 3.3.2, TinyMCE Image Manager 1.1, and other products, allows remote attackers to inject arbitrary web script or HTML via the movieName parameter, related to the...