Hello
We conducted a security vulnerability of a web site currently developed using Fusion Charts and the following vulnerability shows up for every swf.
"Fusion Charts - Content Spoofing / XSS
The software Fusion Charts utilizes the FlashVar "dataXML" to allow for dynamic data paths and settings within the generated charts or graphs. The parameter does not currently validate data passed via the "dataXML" and allows an attacker to alter any chart hosted within the current domain and include malicious javascript that will execute when a user interacts with the altered chart."
How can we fix this. Is there a patch or a workaround available?
This question seems similar to the one Michelle posted on November 2nd: Validation For Dataxml Parameter For Pie Swf Files.
Please Advise.
Thanks!
Katia
