Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nodejsAleksandr Dobkin and Sebastian RoschkeNODEJS:332
HistoryMar 24, 2017 - 5:40 p.m.

Cross-Site Scripting

2017-03-2417:40:51
Aleksandr Dobkin and Sebastian Roschke
www.npmjs.com
47

0.004 Low

EPSS

Percentile

72.4%

JSON

Overview

Affected versions of yui are vulnerable to cross-site scripting in the uploader.swf and io.swf utilities, via script injection in the url.

Recommendation

YUI has published their recommendation to fix this issue.
Their recommendation is to:

  • Delete self-hosted copies of these files if you are not using them
  • Use the Yahoo! CDN hosted files
  • Use the patched files provided on the YUI Library here.

References

CPENameOperatorVersion
yuige3.0.0 <=3.9.1 =3.10.2

Related

prion 4
cve 4
ubuntucve 4
nvd 4
cvelist 4
osv 1
veracode 1
github 1
prion
prion
Cross site scripting
2013-07-29 13:59:00
Cross site scripting
2013-07-29 13:59:00
Cross site scripting
2013-07-29 13:59:00
cve
cve
CVE-2013-4940
2022-10-03 16:14:58
CVE-2013-4941
2022-10-03 16:14:57
CVE-2013-4942
2022-10-03 16:14:57
ubuntucve
ubuntucve
CVE-2013-4940
2013-07-29 00:00:00
CVE-2013-4942
2013-07-29 00:00:00
CVE-2013-4941
2013-07-29 00:00:00
nvd
nvd
CVE-2013-4940
2013-07-29 13:59:20
CVE-2013-4941
2013-07-29 13:59:20
CVE-2013-4939
2013-07-29 13:59:20
cvelist
cvelist
CVE-2013-4940
2022-10-03 16:14:58
CVE-2013-4941
2022-10-03 16:14:57
CVE-2013-4939
2013-07-26 22:00:00
osv
osv
Cross-Site Scripting in yui
2020-09-01 16:42:51
veracode
veracode
Cross-site Scripting (XSS)
2017-07-30 21:28:15
github
github
Cross-Site Scripting in yui
2020-09-01 16:42:51

0.004 Low

EPSS

Percentile

72.4%

JSON
Related for NODEJS:332
prion4cve4ubuntucve4nvd4cvelist4osv1veracode1github1