On my browser I have the addon Retire-js (https://addons.mozilla.org/en-US/firefox/addon/retire-js/), whose purpose is to detect vulnerable js librairies on sites.

On SBI, this addon informs me it has found a vulnérable script:
19857

Here are this vulnerability details:
https://www.cvedetails.com/cve/CVE-2012-5883/

It's a false positive. We are using the fixed uploader.swf since the exploit was published. But thanks for the report anyway. :)

Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.9.0, as used in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, allows remote attackers to inject arbitrary web script or HTML via vectors related to swfstore.swf, a similar issue to CVE-2010-4209.

Another reason not to have Flash Player installed, even if this vulnerability was first discovered eight years ago.