2 matches found
CVE-2010-4710
Cross-site scripting XSS vulnerability in the addItem method in the Menu widget in YUI before 2.9.0 allows remote attackers to inject arbitrary web script or HTML via a field that is added to a menu, related to documentation that specifies this field as a text field rather than an HTML field, a...
CVE-2010-4710
CVE-2010-4710: YUI Library XSS via addItem in the Menu widget, prior to 2.9.0. A field added to a menu can be injected with script/HTML if treated as text instead of HTML, enabling remote script execution in the victim’s browser. The issue is tied to how the field is validated and documented, per...