The AppScan test response contained a flash object with the AllowScriptAccess parameter set to
always. It may be possible to steal or manipulate customer session and cookies, which might be used
to impersonate a legitimate user, allowing the hacker to view or alter user records, and to perform
transactions as that user. It is recommended to Set the AllowScriptAccess parameter to
'sameDomain' which tells the Flash Player that only SWF files loaded from the same domain as the
parent SWF will have script access to the hosting web page.
http://Domain name/theme/yui_combo.php