The host is installed with Adobe Flash Player through 13.0.0.214 or Adobe AIR before 14.0.0.110 and is prone to cross-site scripting (XSS) vulnerability. A flaw is present in the applications, which fails to properly handle the unknown vectors. Successful exploitation allows attackers to inject arbitrary web script or HTML.