Cross-site scripting (XSS) vulnerability in FlexPaperViewer.swf in Flexpaper before 2.3.1 allows remote attackers to inject arbitrary web script or HTML via the Swfile parameter.
Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9677
Reference (s):
- http://www.theregister.co.uk/2014/12/23/wikileaks_pdf_viewer_vuln/
- MLIST:[oss-security] 20150212 Re: CVE request: Reflected XSS / Content Spoofing in FlexPaper
- URL: http://www.openwall.com/lists/oss-security/2015/02/12/11