CIVI-SA-2013-002 - OpenFlashChart XSS
CiviCRM v3.1.0 - v4.2.9, v4.3.0 - v4.3.3
CiviCRM v4.2.10 and v4.3.4
Any ONE of the following solutions will provide protection:
- Upgrade to CiviCRM v4.3.4 or 4.2.10
- Upgrade the OpenFlashChart program included with your version of CiviCRM by downloading a security update and replacing the file "packages/OpenFlashChart/open-flash-chart.swf"
- Remove the file "packages/OpenFlashChart/open-flash-chart.swf". (This will break reports and dashboards.)