Rich Cannings has published an advisory on the Web Security Mailing List describing a flaw on common flash authoring tools allowing for XSS. From his advisory "THE PROBLEM Many web authoring tools that automatically generate SWFs insert identical and vulnerable ActionScript into all saved SWFs or necessary controller SWFs (think of tools...