Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:GHSA-MJ87-8XF8-FP4W
HistorySep 01, 2020 - 4:42 p.m.

Cross-Site Scripting in yui

2020-09-0116:42:51
Google
osv.dev
6

0.004 Low

EPSS

Percentile

72.4%

JSON

Affected versions of yui are vulnerable to cross-site scripting in the uploader.swf and io.swf utilities, via script injection in the url.

Recommendation

YUI has published their recommendation to fix this issue.
Their recommendation is to:

  • Delete self-hosted copies of these files if you are not using them
  • Use the Yahoo! CDN hosted files
  • Use the patched files provided on the YUI Library here.
CPENameOperatorVersion
yuilt3.10.3

Related

cvelist 2
cve 2
ubuntucve 2
veracode 1
github 1
prion 2
nvd 2
nodejs 1
cvelist
cvelist
CVE-2013-4939
2013-07-26 22:00:00
CVE-2013-4940
2022-10-03 16:14:58
cve
cve
CVE-2013-4939
2013-07-29 13:59:20
CVE-2013-4940
2022-10-03 16:14:58
ubuntucve
ubuntucve
CVE-2013-4939
2013-07-29 00:00:00
CVE-2013-4940
2013-07-29 00:00:00
veracode
veracode
Cross-site Scripting (XSS)
2017-07-30 21:28:15
github
github
Cross-Site Scripting in yui
2020-09-01 16:42:51
prion
prion
Cross site scripting
2013-07-29 13:59:00
Cross site scripting
2013-07-29 13:59:00
nvd
nvd
CVE-2013-4939
2013-07-29 13:59:20
CVE-2013-4940
2013-07-29 13:59:20
nodejs
nodejs
Cross-Site Scripting
2017-03-24 17:40:51

0.004 Low

EPSS

Percentile

72.4%

JSON
Related for OSV:GHSA-MJ87-8XF8-FP4W
cvelist2cve2ubuntucve2veracode1github1prion2nvd2nodejs1