Name Cross-Site Scripting Using Flash
Summary An attacker injects malicious script to global parameters in a Flash movie via a crafted URL. The malicious script is executed in the context of the Flash movie. As such, this is a form of Cross-Site Scripting (XSS), but the abilities granted to the Flash movie make this attack more flexible.
Prerequisites
Solutions
Related Weaknesses
CWE ID Description
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Back to Top