Flex3にクロスサイトの脆弱性が存在するそうです。

APSB08-14 - Update to Flex 3 to address potential cross-site scripting vulnerability
A potential cross-site scripting vulnerability has been identified in code used by the Flex 3 History Management feature. It is recommended that developers who have History Management enabled in applications developed with Flex 3 update their deployed applications and development environments with the instructions provided below.

HistoryManagerらしいです。

• Adobe - Security Advisories : APSB08-14: Update to Flex 3 to address potential cross-site scripting vulnerability

Input validation errors have been identified in code used by Flex 3 History Management which could lead to potential cross-site scripting attacks. Only customers who have used or plan to use the History Manager in Flex 3 may be vulnerable. The Flex 2 History Manager is not vulnerable to this issue. The relevant files that require an update are all of the instances of historyFrame.html. For existing applications using the Flex 3 History Manager, developers and/or site administrators are encouraged to update site assets with the updated file by following the instructions above. This vulnerability is remotely exploitable. Adobe recommends that users who have utilized the Flex 3 History Manager update the applications created with Flex 3 software as well as their Flex 3 product installations with the instructions provided above.

関連URL

• Security Advisory SA30746 - Adobe Flex 3 History Management Cross-Site Scripting Vulnerability - Secunia