Flash-based XSS in Nokia's MediaElements component

June 29, 2013

Here I present a (reported) Flash-based XSS vulnerability I discovered in r.nokia.com, requiring no user interaction.



This is a well-known vulnerability in MediaElement.js that was patched last year, from version 2.11.2 onward (see CVE-2013-1967, GitHub patch commit).

The version running on r.nokia.com used to be 2.9.1, as could be seen in:


( mejs.version="2.9.1"; )
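
An added example (not from the original post or the MediaElement.js project): a Node.js check that looks for the `mejs.version` marker in script text and flags releases older than 2.11.2, the fixed version named above. The function names, sample file names and sample contents are constructed for illustration.

```javascript
// FIXED_VERSION is the patched release named in the post; all other names are illustrative.
const FIXED_VERSION = "2.11.2";

// The marker shown in the post, tolerating whitespace and either quote style.
const VERSION_RE = /mejs\.version\s*=\s*(["'])(\d+(?:\.\d+)*)\1/g;

// Numeric, component-wise comparison. A plain string comparison would rank
// "2.9.1" above "2.11.2" and silently pass the vulnerable release.
function compareVersions(a, b) {
  const pa = a.split(".").map(Number);
  const pb = b.split(".").map(Number);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const x = pa[i] || 0; // missing components count as 0 ("2.11" == "2.11.0")
    const y = pb[i] || 0;
    if (x !== y) return x < y ? -1 : 1;
  }
  return 0;
}

// Return one finding per version marker found in the script text.
function auditMediaElement(source) {
  const findings = [];
  for (const m of source.matchAll(VERSION_RE)) {
    findings.push({
      version: m[2],
      offset: m.index,
      outdated: compareVersions(m[2], FIXED_VERSION) < 0,
    });
  }
  return findings;
}

// Constructed sample inputs (not taken from any real site).
const SAMPLES = {
  "old.min.js": 'var mejs=mejs||{};mejs.version="2.9.1";mejs.meIndex=0;',
  "fixed.js": "var mejs = mejs || {};\nmejs.version = '2.11.2';\n",
  "unrelated.js": 'var player={version:"1.0"};',
};

for (const [name, text] of Object.entries(SAMPLES)) {
  const hits = auditMediaElement(text);
  if (hits.length === 0) console.log(`${name}: no mejs.version marker`);
  for (const h of hits) {
    const verdict = h.outdated ? `OUTDATED (< ${FIXED_VERSION})` : "ok";
    console.log(`${name}: MediaElement.js ${h.version} ${verdict}`);
  }
}
```
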

Screenshot using the Chrome debugger:

[Image: screenshot of the XSS vulnerability triggered]
