Adobe Flex 3 DOM-based XSS vulnerability

Description

Adobe Flex is an open source application framework for building and maintaining expressive web applications that deploy consistently on all major browsers, desktops, and devices. A potential cross-site scripting vulnerability has been identified in code used by the Flex 3 History Management feature. It is recommended that developers who have History Management enabled in applications developed with Flex 3 update their deployed applications and development environments with the instructions provided below.

Remediation

Adobe Flex 3 users (both Flex 3 SDK and Flex Builder 3) should update their product installations with the Flex 3.0.2 SDK update.

References
Severity
Classification
Tags
  • XSS