Faulty Flash app brings XSS to Content Management Systems
14th May, 2010
More websites may be exposed to attack following a Ukrainian security researcher's discovery of a cross-site scripting vulnerability in a widespread Flash application. This week, the researcher announced two more content management systems which use insecure versions of the affected Flash file.
Earlier this year, the researcher also claimed to have found a similar vulnerability in Flash files used by tag cloud plugins for WordPress, Joomulus, JVClouds3D, Joomla and Blogumus.
Eugene Dokukin, posting as MustLive, noted this week that the same problem also affects the Cumulus tag cloud widget for BlogEngine.NET and Kasseler CMS.
The vulnerability allows arbitrary HTML tags to be injected into the
A simple Google search returns many websites which use vulnerable versions of the Flash tag cloud application. Netcraft provides a range of security testing services to identify and eliminate vulnerabilities such as cross-site scripting.