Lucene search
HistoryNov 16, 2012 - 12:24 p.m.
CVE-2012-5881
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
AI Score
5.5
Confidence
High
EPSS
0.003
Percentile
71.1%
Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to charts.swf, a similar issue to CVE-2010-4207.
Affected configurations
Node
yahooyuiMatch2.4.0
ORyahooyuiMatch2.4.1
ORyahooyuiMatch2.5.0
ORyahooyuiMatch2.5.1
ORyahooyuiMatch2.5.2
ORyahooyuiMatch2.6.0
ORyahooyuiMatch2.7.0
ORyahooyuiMatch2.8.0
ORyahooyuiMatch2.8.1
ORyahooyuiMatch2.8.1pr1
ORyahooyuiMatch2.8.2
ORyahooyuiMatch2.9.0
ORyahooyuiMatch2.9.0pr2
ORyahooyuiMatch2.9.0pr4
| Vendor | Product | Version | CPE |
|---|---|---|---|
| yahoo | yui | 2.4.0 | cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:* |
| yahoo | yui | 2.4.1 | cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:* |
| yahoo | yui | 2.5.0 | cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:* |
| yahoo | yui | 2.5.1 | cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:* |
| yahoo | yui | 2.5.2 | cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:* |
| yahoo | yui | 2.6.0 | cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:* |
| yahoo | yui | 2.7.0 | cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:* |
| yahoo | yui | 2.8.0 | cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:* |
| yahoo | yui | 2.8.1 | cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:* |
| yahoo | yui | 2.8.1 | cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:* |
Related
ubuntucve
ubuntucve
CVE-2012-5881
2012-11-16 00:00:00
CVE-2010-4207
2010-11-07 00:00:00
github
github
Cross-site scripting in yui 2.4.0
2022-05-17 01:38:30
osv
osv
Cross-site scripting in yui 2.4.0
2022-05-17 01:38:30
cve
cve
prion
prion
Cross site scripting
2012-11-16 12:24:00
Cross site scripting
2010-11-07 22:00:00
Design/Logic Flaw
2010-11-07 22:00:00
cvelist
cvelist
CVE-2012-5881
2012-11-16 11:00:00
CVE-2010-4207
2010-11-07 21:00:00
openvas
openvas
FreeBSD Ports: yahoo-ui
2012-12-04 00:00:00
FreeBSD Ports: yahoo-ui
2012-12-04 00:00:00
FreeBSD Ports: yahoo-ui
2011-01-24 00:00:00
nvd
nvd
freebsd
freebsd
YUI JavaScript library -- JavaScript injection exploits in Flash components
2012-10-30 00:00:00
YUI JavaScript library -- JavaScript injection exploits in Flash components
2010-10-25 00:00:00
bugzilla -- multiple vulnerabilities
2012-11-13 00:00:00
nessus
nessus
FreeBSD : YUI JavaScript library -- JavaScript injection exploits in Flash components (aa4f86af-3172-11e2-ad21-20cf30e32f6d)
2012-11-28 00:00:00
FreeBSD : YUI JavaScript library -- JavaScript injection exploits in Flash components (d560b346-08a2-11e0-bcca-0050568452ac)
2010-12-16 00:00:00
Fedora 12 : moodle-1.9.10-1.fc12 (2010-16845)
2010-11-15 00:00:00
ibm
ibm
typo3
typo3
Multiple Vulnerabilities in TYPO3 CMS
2014-05-22 00:00:00
fedora
fedora
[SECURITY] Fedora 14 Update: moodle-1.9.10-1.fc14
2010-11-13 22:05:01
[SECURITY] Fedora 12 Update: moodle-1.9.10-1.fc12
2010-11-13 22:05:34
[SECURITY] Fedora 13 Update: moodle-1.9.10-1.fc13
2010-11-13 22:06:37
oracle
oracle
Oracle Critical Patch Update Advisory - April 2017
2017-04-18 00:00:00
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
AI Score
5.5
Confidence
High
EPSS
0.003
Percentile
71.1%
Related for NVD:CVE-2012-5881