Cross-Domain Policy File (crossdomain.xml) Detection

Info Nessus Network Monitor Plugin ID 4505


The remote web server contains a 'crossdomain.xml' file.


The remote web server contains a cross-domain policy file. This is a simple XML file used by Adobe's Flash Player to allow access to data that resides outside the exact web domain from which a Flash movie file originated.


Review the contents of the policy file carefully. Improper policies, especially an unrestricted one with just '*', could allow for cross-site request forgery and cross-site scripting attacks against the web server.

Plugin Details

Severity: Info

ID: 4505

File Name: 4505.prm

Family: CGI

Published: 2004/08/18

Modified: 2016/11/23

Dependencies: 1442

Nessus ID: 32318

Risk Information

Risk Factor: Info