Automattic: https://polldaddy.com storage.swf XSS
Hi, I found a flash based XSS located here : https://polldaddy.com/swf/storage.swf?onload=alert1 It happends in the ExternalInterface.Call Function, when a parameter is inserted unfiltered it will allow XSS, you can patch it by only allowing : A-Z a-z 0-9 Best regards, Olivier Beg...