12 matches found
CVE-2012-5881
CVE-2012-5881 concerns a cross-site scripting (XSS) vulnerability in the YUI library’s Flash component infrastructure (charts.swf) affecting YUI versions 2.4.0–2.9.0. An attacker could inject arbitrary script/HTML via vectors related to charts.swf, allowing execution of code in a victim’s browser...
CVE-2012-5883
CVE-2012-5883 is a cross-site scripting (XSS) vulnerability in the Flash component infrastructure of YUI (versions 2.8.0–2.9.0) used by Bugzilla 3.7.x/4.0.x (before 4.0.9), 4.1.x/4.2.x (before 4.2.4), and 4.3.x/4.4.x (before 4.4rc1). The issue allows remote attackers to inject arbitrary script/HT...
CVE-2012-5882
The CVE-2012-5882 entry covers an XSS vulnerability in the YUI Flash uploader infrastructure. Affected are YUI versions 2.5.0 through 2.9.0; the issue stems from the uploader.swf component, enabling remote attackers to inject arbitrary web script/HTML and execute in a victim’s browser, potentiall...
CVE-2010-4207
The CVE-2010-4207 entry concerns a Cross-site Scripting (XSS) flaw in the YUI Flash-based Chart infrastructure. Affected are YUI library versions 2.4.0 through 2.8.1 (and related charts.swf usage in Bugzilla, Moodle, etc.). Root cause stated in sources is improper validation in the Flash componen...
CVE-2013-4939
The CVE-2013-4939 issue is a Cross-site scripting (XSS) in the io.swf of the Yahoo! YUI IO Utility. Publicly documented in YUI/Moodle use cases, the vulnerable component is io.swf in YUI 3.x (notably 3.0.0 through 3.9.1 as used in Moodle up to various versions). The underlying cause is script/HTM...
CVE-2010-4710
CVE-2010-4710: YUI Library XSS via addItem in the Menu widget, prior to 2.9.0. A field added to a menu can be injected with script/HTML if treated as text instead of HTML, enabling remote script execution in the victim’s browser. The issue is tied to how the field is validated and documented, per...
CVE-2010-4208
CVE-2010-4208 is an XSS vulnerability in the Flash component infrastructure of YUI, specifically in the uploader.swf used by YUI 2.5.0 through 2.8.1 (and related references indicate continued concern up to 2.9.0). The root cause is improper validation in the Flash uploader assets, allowing remote...
CVE-2013-6780
CVE-2013-6780 is a cross-site scripting (XSS) vulnerability in Yahoo! YUI uploader.swf (Uploader component) affecting Yahoo! YUI versions 2.5.0 through 2.9.0. The flaw allows remote attackers to inject arbitrary web script or HTML via the allowedDomain parameter. Public writeups reference the vul...
CVE-2013-4940
The CVE-2013-4940 entry represents a cross-site scripting (XSS) vulnerability in the Yahoo! YUI IO Utility component (io.swf) that is triggered via a crafted URL. Affected are Yahoo! YUI 3.10.2 usage and Moodle-integrations up to Moodle 2.1.10, 2.2.x up to 2.2.10/2.2.11, 2.3.x up to 2.3.8, 2.4.x ...
CVE-2010-4209
CVE-2010-4209 is an XSS in the YUI Flash component (swfstore/swfstore.swf) used by Bugzilla 3.7.1–3.7.3 and 4.1 with YUI 2.8.0–2.8.1. The vulnerability allows remote attackers to inject arbitrary scripts/HTML via the swfstore vector. Connected Nessus/OpenVAS/Moodle-related entries corroborate the...
CVE-2013-4941
CVE-2013-4941 describes a Cross-site scripting (XSS) vulnerability in uploader.swf (Uploader component) of Yahoo! YUI 3.2.0–3.9.1, which is used in Moodle up to specific versions. The flaw allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. The affected s...
CVE-2013-4942
CVE-2013-4942 describes a cross-site scripting (XSS) vulnerability in flashuploader.swf, part of the Yahoo! YUI Uploader component (versions 3.5.0 through 3.9.1) that is used in Moodle up to various 2.x releases. The flaw allows remote attackers to inject arbitrary web script or HTML via a crafte...