Oh ok. Well if it falls under the external 3rd party app category there are some fixes on the link i posted above, but it does not sound like that is what you need.
There are a couple of different ways to figure out what exactly is being blocked and by what.
1. Comment out each BPS security filter one by one by adding a # pound sign in front of each one (then test, then comment out, then test, etc) until you find the security filter that is blocking the XML Flash Module.
2. Find the query string or specific file that is being blocked. You would put BPS in Default Mode and take note of the query string or file that is loading in your Browser's address bar. Then put BPS in BulletProof Mode and see what does not happen. by comparing the 2 scenarios you can dial in on what exactly is being blocked.