danialfarid / ng-file-upload

Lightweight Angular directive to upload files with optional FileAPI shim for cross browser support
MIT License
7.87k stars 1.59k forks

Insecure Flash embed parameter #2003

Open Fermiy opened 7 years ago

Fermiy commented 7 years ago

Hi! Could you please check for this issue: https://www.owasp.org/index.php/Reviewing_Flash_Applications from this source: This is a vulnerability that can be used in different kinds of attacks. You are using that in FileAPI.js

Fermiy commented 7 years ago

A parameter called allowScriptAccess governs if the Flash object has access to external scripts. It can have three possible values: never, sameDomain, always. The default value is sameDomain which means that the SWF must be hosted on the same FQDN as the calling HTML in order to have access to the HTML's DOM. If allowScriptAccess is set to always then the SWF is granted access to the HTML's DOM regardless of where the SWF is hosted.
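
A static check for the setting described in the comment above, as an added example that is not part of the original thread and not code from ng-file-upload or FileAPI.js: it scans markup or script text for allowScriptAccess and flags the value always. The function names and the sample input are assumptions constructed for illustration.

```javascript
// Added example: static check for Flash allowScriptAccess settings.
// SAMPLE is constructed for illustration; it is not taken from FileAPI.js.
const KNOWN = new Set(['never', 'samedomain', 'always']);

// Forms covered: <param name=... value=...> (either attribute order),
// an allowScriptAccess attribute on <embed>/<object>, and a JS/JSON
// object key. Values built at runtime by concatenation are not resolved.
const PATTERNS = [
  /<param\b[^>]*\bname\s*=\s*["']?allowscriptaccess["']?[^>]*\bvalue\s*=\s*["']?([a-z]+)/gi,
  /<param\b[^>]*\bvalue\s*=\s*["']?([a-z]+)["']?[^>]*\bname\s*=\s*["']?allowscriptaccess/gi,
  /\ballowscriptaccess\s*=\s*\\?["']?([a-z]+)/gi,
  /\ballowscriptaccess["']?\s*:\s*["']([a-z]+)["']/gi,
];

function auditAllowScriptAccess(text) {
  const findings = [];
  for (const re of PATTERNS) {
    for (const m of text.matchAll(re)) {
      const value = m[1].toLowerCase();
      findings.push({
        line: text.slice(0, m.index).split('\n').length, // 1-based line of the match
        value,
        // "always" lets a SWF hosted anywhere reach the embedding page's DOM.
        risky: value === 'always',
        recognised: KNOWN.has(value),
      });
    }
  }
  return findings.sort((a, b) => a.line - b.line);
}

function riskyLines(text) {
  return auditAllowScriptAccess(text).filter(f => f.risky).map(f => f.line);
}

// Constructed sample covering each form the patterns handle.
const SAMPLE = [
  '<object type="application/x-shockwave-flash" data="uploader.swf">',
  '  <param name="allowScriptAccess" value="always">',
  '</object>',
  '<embed src="player.swf" allowscriptaccess="sameDomain">',
  "var flashParams = { wmode: 'transparent', allowScriptAccess: 'never' };",
  "var html = '<embed src=\"x.swf\" allowScriptAccess=\"always\">';",
].join('\n');

console.log(auditAllowScriptAccess(SAMPLE));
```

An embed with no allowScriptAccess at all produces no finding, which matches the sameDomain default quoted above.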

shanmugam-sekar commented 6 years ago

Did you get any solution?