Cross-site Scripting (XSS) in EasyXDM prior to 2.4.18 allows remote malicious users to inject arbitrary web script or html via the easyxdm.swf file.
easyxdm easyxdm