PT-2014-2223 · Amcharts · Amcharts Flash

Published: 2014-12-28 · Updated: 2014-12-29 · CVE-2012-1303

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions: amCharts Flash 1

Description: The issue allows remote attackers to inject arbitrary web script or HTML, potentially leading to cross-site scripting (XSS) attacks. The injection is possible through several parameters: the data file or settings file parameter to ampie.swf; the message element in the chart data parameter to amcolumn.swf, amline.swf, amradar.swf, or amxy.swf; or the settings file parameter to amstock.swf. No API endpoints are explicitly mentioned; the vulnerable parameters are data file, settings file, and chart data, and the message element within chart data is specifically highlighted as a point of vulnerability.

Recommendations: For amCharts Flash 1, consider disabling the use of the data file, settings file, and chart data parameters until a patch is available. Restrict access to the ampie.swf, amcolumn.swf, amline.swf, amradar.swf, amxy.swf, and amstock.swf files to minimize the risk of exploitation. Avoid using the message element within the chart data parameter in the affected SWF files until the issue is resolved.
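
An added example, not part of the advisory or of amCharts: a Python audit of web server access logs that finds requests loading the affected SWF files with the flagged parameters, so that pages still relying on them can be identified before access is restricted. The underscore parameter spellings, the combined log format and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Affected SWF -> parameters the advisory flags for it. The underscore
# spellings (data_file, settings_file, chart_data) are an assumption; the
# advisory writes them as "data file", "settings file" and "chart data".
AFFECTED = {
    "ampie.swf": {"data_file", "settings_file"},
    "amcolumn.swf": {"chart_data"},
    "amline.swf": {"chart_data"},
    "amradar.swf": {"chart_data"},
    "amxy.swf": {"chart_data"},
    "amstock.swf": {"settings_file"},
}

# Request line of a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def flag_request(log_line):
    """Return (swf, sorted flagged params) for a matching request, else None."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    swf = url.path.rsplit("/", 1)[-1].lower()  # file names compared case-insensitively
    if swf not in AFFECTED:
        return None
    params = {k.lower() for k in parse_qs(url.query, keep_blank_values=True)}
    hits = sorted(params & AFFECTED[swf])
    return (swf, hits) if hits else None

def audit(lines):
    """Collect a finding for every log line that matches."""
    return [f for f in map(flag_request, lines) if f]

# Constructed sample log lines (not taken from the advisory).
SAMPLE = [
    '192.0.2.10 - - [29/Dec/2014:10:00:00 +0000] "GET /charts/ampie.swf?settings_file=pie.xml&data_file=pie_data.xml HTTP/1.1" 200 5120',
    '192.0.2.11 - - [29/Dec/2014:10:00:05 +0000] "GET /charts/amline.swf HTTP/1.1" 200 4096',
    '192.0.2.12 - - [29/Dec/2014:10:00:09 +0000] "GET /charts/AMSTOCK.SWF?settings_file=stock.xml HTTP/1.1" 200 6144',
    '192.0.2.13 - - [29/Dec/2014:10:00:12 +0000] "GET /index.html?chart_data=x HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for swf, hits in audit(SAMPLE):
        print(f"{swf}: request sets {', '.join(hits)}")
```
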

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers: CVE-2012-1303

Affected Products: Amcharts Flash