Adobe Flex 3 History Management historyFrame.html XSS

This script is Copyright (C) 2008-2013 Tenable Network Security, Inc.

Synopsis :

The remote web server contains HTML documents that are affected by a
cross-site scripting vulnerability.

Description :

The remote host contains one or more HTML documents associated with
Adobe Flex 3's History Management feature that are affected by a
DOM-based cross-site scripting vulnerability. Because these documents
fail to sanitize user input, an attacker may be able to leverage this
issue to inject arbitrary HTML and script code into a user's browser,
to be executed within the security context of the affected site,
possibly by using JavaScript code flow manipulation techniques.

See also :

Solution :

Replace the affected file(s) with an instance of 'historyFrame.html'
from the Flex 3.0.2 update as discussed in the vendor advisory above.

Risk factor :

Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 3.6
Public Exploit Available : true

Family: CGI abuses : XSS

Nessus Plugin ID: 33220 (adobe_flex_apsb08-14.nasl)

Bugtraq ID: 29778

CVE ID: CVE-2008-2640