$Cross site scripting vulnerability in flowplayer SWF

Description

flowplayer is minimalistic, yet full-featured HTML5/Flash video player. Multiple cross site scripting vulnerabilities were reported in older versions of the flowplayer SWF that may allow an attacker to execute arbitrary Javascript code.

Remediation

Upgrade to the latest version of flowplayer.

References