Cross-site Scripting
Cross-site scripting (XSS) vulnerability in `flash/FlashMediaElement.as` in `MediaElement.js` allows remote attackers to inject arbitrary web script or HTML via an obfuscated form of the `jsinitfunction` parameter, as demonstrated by `jsinitfunctio%gn`."