Summary
Magento is prone to multiple cross-site scripting vulnerabilities because it fails to sanitize user supplied input.
Impact
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
Solution
Ask the Vendor for an update.
Affected
Magento 1.9.0.1
Previous versions may also affected.
Detection
Check the md5sum of the affected .swf files
References
Updated on 2015-03-25