CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
AI Score
Confidence
High
EPSS
Percentile
64.5%
Cross-site scripting (XSS) vulnerability in the addItem method in the Menu widget in YUI before 2.9.0 allows remote attackers to inject arbitrary web script or HTML via a field that is added to a menu, related to documentation that specifies this field as a text field rather than an HTML field, a similar issue to CVE-2010-4569 and CVE-2010-4570.
Vendor | Product | Version | CPE |
---|---|---|---|
yahoo | yui | * | cpe:2.3:a:yahoo:yui:*:*:*:*:*:*:*:* |
yahoo | yui | 2.2.0 | cpe:2.3:a:yahoo:yui:2.2.0:*:*:*:*:*:*:* |
yahoo | yui | 2.2.2 | cpe:2.3:a:yahoo:yui:2.2.2:*:*:*:*:*:*:* |
yahoo | yui | 2.3.0 | cpe:2.3:a:yahoo:yui:2.3.0:*:*:*:*:*:*:* |
yahoo | yui | 2.3.1 | cpe:2.3:a:yahoo:yui:2.3.1:*:*:*:*:*:*:* |
yahoo | yui | 2.4.0 | cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:* |
yahoo | yui | 2.4.1 | cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:* |
yahoo | yui | 2.5.0 | cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:* |
yahoo | yui | 2.5.1 | cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:* |
yahoo | yui | 2.5.2 | cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:* |