GoogleOSV:GHSA-JJG9-MF63-VQRP

HistoryMay 17, 2022 - 1:38 a.m.

Cross-site scripting in yui 2.4.0

2022-05-1701:38:30

Google

osv.dev

5.7 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

70.6%

JSON

Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to charts.swf, a similar issue to CVE-2010-4207.

CPENameOperatorVersion
yui2le2.9.0
yui2ge2.4.0

CPE	Name	Operator	Version
	yui2	le	2.9.0
	yui2	ge	2.4.0

References

www.securityfocus.com/bid/56385

www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2

www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2

yuilibrary.com/support/20121030-vulnerability

exchange.xforce.ibmcloud.com/vulnerabilities/80118

nvd.nist.gov/vuln/detail/CVE-2012-5881

5.7 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

70.6%

JSON

Related for OSV:GHSA-JJG9-MF63-VQRP