Description
Adobe Flex is an open-source application framework for building and maintaining expressive web applications that deploy consistently on all major browsers, desktops, and devices. A potential cross-site scripting vulnerability has been identified in code used by the Flex 3 History Management feature. Developers who have History Management enabled in applications developed with Flex 3 should update both their deployed applications and their development environments, following the instructions provided below.
Remediation
Adobe Flex 3 users (both Flex 3 SDK and Flex Builder 3) should update their product installations with the Flex 3.0.2 SDK update.
References
Update to Flex 3 to address potential cross-site scripting vulnerability
JavaScript Code Flow Manipulation, and a real world example advisory - Adobe Flex 3 Dom-Based XSS
Related Vulnerabilities
WordPress Plugin MC4WP:Mailchimp for WordPress Cross-Site Scripting (2.2.7)
WordPress Plugin Yoast SEO Cross-Site Scripting (21.0)
WordPress Plugin WP-VR-view-Add Photo Sphere, 360 video to WordPress Cross-Site Scripting (1.6)
WordPress Plugin WP Mailster Cross-Site Scripting (1.5.4.0)
WordPress Plugin Login/Signup Popup (Inline Form + Woocommerce) Cross-Site Scripting (1.4)