Impact Pro v11 enables users to exploit Persistent (or Stored) XSS vulnerabilities. Persistent XSS is an insidious form of attack because it implants malicious code in the vulnerable Web application, and that code subsequently runs against the browsers of end users who load the application. For instance, an attacker could target a vulnerable blog by adding a comment containing an exploit script. As end users view the blog in their browsers, the script would run against their systems. Since Persistent XSS doesn't require phishing to target end users, it can affect a larger population in a much more subversive way.
Cross-Site Scripting (XSS) detection and exploitation for Adobe Flash objects is new for Impact Pro and extends the capabilities of the Web application test vector by targeting dynamic Flash content in addition to static HTML applications.
Source: Enterprise Systems