Adobe Flex 3 History Management historyFrame.html XSS

This script is Copyright (C) 2008-2013 Tenable Network Security, Inc.


Synopsis :

The remote web server contains HTML documents that are affected by a
cross-site scripting vulnerability.

Description :

The remote host contains one or more HTML documents associated with
Adobe Flex 3's History Management Feature and affected by a DOM-based
cross-site scripting vulnerability. Because these documents fail to
sanitize user input, an attacker may be able to leverage this issue,
possibly by using JavaScript code flow manipulation techniques, to
inject arbitrary HTML and script code into a user's browser to be
executed within the security context of the affected site.

See also :

http://blog.watchfire.com/wfblog/2008/06/javascript-code.html
http://www.adobe.com/support/security/bulletins/apsb08-14.html

Solution :

Replace the affected file(s) with an instance of 'historyFrame.html'
from the Flex 3.0.2 update as discussed in the vendor advisory above.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)
CVSS Temporal Score : 3.6
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: CGI abuses : XSS

Nessus Plugin ID: 33220 (adobe_flex_apsb08-14.nasl)

Bugtraq ID: 29778

CVE ID: CVE-2008-2640