A few meetings ago I gave a demo on uploading a Flash file that contains an evil XSS payload to file hosting sites. Here is my write-up on it.
I started messing around in ActionScript and came up with this:
After compiling it and uploading, when viewing the preview page I was greeted with a prompt box that had the contents of my cookie for that domain, and it was displayed in text within the Flash embed! So, just like that, we are able to manufacture an XSS vulnerability on an application that is otherwise secure.
Here is one example – http://www.ziddu.com/viewfile/22413513/xss.swf.html
Here is another – http://swfchan.org/2335/xss.swf
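A defensive sketch of the hosting side, added here and not code from the original write-up: it recognises Flash content by its file header rather than its name, forces a download instead of rendering it on the site's own origin, and builds a preview embed with script access disabled. The function names and the sample bytes are assumptions constructed for illustration.

```python
import html
import struct

# SWF signature -> body compression (FWS: none, CWS: zlib, ZWS: LZMA)
SWF_SIGNATURES = {b"FWS": "none", b"CWS": "zlib", b"ZWS": "lzma"}


def parse_swf_header(data: bytes):
    """Return (compression, version, declared_length), or None if not SWF."""
    if len(data) < 8 or data[:3] not in SWF_SIGNATURES:
        return None
    version = data[3]
    (declared_length,) = struct.unpack_from("<I", data, 4)  # little-endian
    return SWF_SIGNATURES[data[:3]], version, declared_length


def is_disguised_swf(filename: str, data: bytes) -> bool:
    """True when the content is Flash but the file name claims otherwise."""
    return (parse_swf_header(data) is not None
            and not filename.lower().endswith(".swf"))


def swf_response_headers(data: bytes):
    """Headers for handing Flash content back to a browser, else None."""
    if parse_swf_header(data) is None:
        return None  # not Flash; other upload types are out of scope here
    return {
        "Content-Type": "application/octet-stream",
        "Content-Disposition": "attachment",   # download, do not render
        "X-Content-Type-Options": "nosniff",
    }


def safe_embed(swf_url: str) -> str:
    """Preview markup that denies the movie access to the embedding page."""
    url = html.escape(swf_url, quote=True)
    return (
        f'<object type="application/x-shockwave-flash" data="{url}">'
        '<param name="allowScriptAccess" value="never">'
        '<param name="allowNetworking" value="internal">'
        "</object>"
    )


# Constructed sample: zlib-compressed SWF header, version 10, length 1234
SAMPLE = b"CWS" + bytes([10]) + struct.pack("<I", 1234) + b"\x00" * 8

if __name__ == "__main__":
    print(parse_swf_header(SAMPLE))
    print(is_disguised_swf("holiday.jpg", SAMPLE))
    print(swf_response_headers(SAMPLE))
    print(safe_embed("https://uploads.example/xss.swf"))
```

Serving user uploads from a separate domain that holds no session cookies complements these checks, since a movie that does run then has no cookie for the main site to read.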