FlexPaperViewer.swf in Flexpaper prior to 2.3.1 allows remote malicious users to conduct content-spoofing attacks via the Swfile parameter.
flowpaper flexpaper