Cross Site Scripting using Flash
Variants:
Direct
Also Known As:
Flash Injection
Vector Type:
Attack
Relevance:
Technology Specific
Layer:
Application-Level
Platforms:
Adobe Flash Player
Target Type:
Web Application
Affected Mechanisms:
Input Validation, Syntax Escaping, Secure Design
Invented In:
08/02/2010
Added In:
10/12/2014
Quick Introduction to the Topic:
Vector Operation Method:
A cross site scripting attack performed via input affecting global flash variables, which cause the attacker controlled script to be presented in the context and permissions of a flash video.
