Lucene search
K

12 matches found

CVE
CVE
added 2012/11/16 11:0 a.m.191 views

CVE-2012-5881

CVE-2012-5881 concerns a cross-site scripting (XSS) vulnerability in the YUI library’s Flash component infrastructure (charts.swf) affecting YUI versions 2.4.0–2.9.0. An attacker could inject arbitrary script/HTML via vectors related to charts.swf, allowing execution of code in a victim’s browser...

4.3CVSS6.9AI score0.02454EPSS
CVE
CVE
added 2012/11/16 11:0 a.m.191 views

CVE-2012-5883

CVE-2012-5883 is a cross-site scripting (XSS) vulnerability in the Flash component infrastructure of YUI (versions 2.8.0–2.9.0) used by Bugzilla 3.7.x/4.0.x (before 4.0.9), 4.1.x/4.2.x (before 4.2.4), and 4.3.x/4.4.x (before 4.4rc1). The issue allows remote attackers to inject arbitrary script/HT...

4.3CVSS7AI score0.02105EPSS
CVE
CVE
added 2012/11/16 11:0 a.m.182 views

CVE-2012-5882

The CVE-2012-5882 entry covers an XSS vulnerability in the YUI Flash uploader infrastructure. Affected are YUI versions 2.5.0 through 2.9.0; the issue stems from the uploader.swf component, enabling remote attackers to inject arbitrary web script/HTML and execute in a victim’s browser, potentiall...

4.3CVSS6.9AI score0.02404EPSS
CVE
CVE
added 2010/11/07 9:0 p.m.107 views

CVE-2010-4207

The CVE-2010-4207 entry concerns a Cross-site Scripting (XSS) flaw in the YUI Flash-based Chart infrastructure. Affected are YUI library versions 2.4.0 through 2.8.1 (and related charts.swf usage in Bugzilla, Moodle, etc.). Root cause stated in sources is improper validation in the Flash componen...

4.3CVSS5.8AI score0.04309EPSS
CVE
CVE
added 2013/07/26 10:0 p.m.98 views

CVE-2013-4939

The CVE-2013-4939 issue is a Cross-site scripting (XSS) in the io.swf of the Yahoo! YUI IO Utility. Publicly documented in YUI/Moodle use cases, the vulnerable component is io.swf in YUI 3.x (notably 3.0.0 through 3.9.1 as used in Moodle up to various versions). The underlying cause is script/HTM...

4.3CVSS5.5AI score0.01492EPSS
CVE
CVE
added 2011/01/28 8:29 p.m.83 views

CVE-2010-4710

CVE-2010-4710: YUI Library XSS via addItem in the Menu widget, prior to 2.9.0. A field added to a menu can be injected with script/HTML if treated as text instead of HTML, enabling remote script execution in the victim’s browser. The issue is tied to how the field is validated and documented, per...

4.3CVSS6.2AI score0.0223EPSS
CVE
CVE
added 2010/11/07 9:0 p.m.80 views

CVE-2010-4208

CVE-2010-4208 is an XSS vulnerability in the Flash component infrastructure of YUI, specifically in the uploader.swf used by YUI 2.5.0 through 2.8.1 (and related references indicate continued concern up to 2.9.0). The root cause is improper validation in the Flash uploader assets, allowing remote...

4.3CVSS5.8AI score0.04272EPSS
CVE
CVE
added 2013/11/13 3:0 p.m.80 views

CVE-2013-6780

CVE-2013-6780 is a cross-site scripting (XSS) vulnerability in Yahoo! YUI uploader.swf (Uploader component) affecting Yahoo! YUI versions 2.5.0 through 2.9.0. The flaw allows remote attackers to inject arbitrary web script or HTML via the allowedDomain parameter. Public writeups reference the vul...

4.3CVSS5.5AI score0.02417EPSS
CVE
CVE
added 2013/07/26 10:0 p.m.68 views

CVE-2013-4940

The CVE-2013-4940 entry represents a cross-site scripting (XSS) vulnerability in the Yahoo! YUI IO Utility component (io.swf) that is triggered via a crafted URL. Affected are Yahoo! YUI 3.10.2 usage and Moodle-integrations up to Moodle 2.1.10, 2.2.x up to 2.2.10/2.2.11, 2.3.x up to 2.3.8, 2.4.x ...

4.3CVSS5.5AI score0.01492EPSS
CVE
CVE
added 2010/11/07 9:0 p.m.65 views

CVE-2010-4209

CVE-2010-4209 is an XSS in the YUI Flash component (swfstore/swfstore.swf) used by Bugzilla 3.7.1–3.7.3 and 4.1 with YUI 2.8.0–2.8.1. The vulnerability allows remote attackers to inject arbitrary scripts/HTML via the swfstore vector. Connected Nessus/OpenVAS/Moodle-related entries corroborate the...

4.3CVSS5.4AI score0.04272EPSS
CVE
CVE
added 2013/07/26 10:0 p.m.64 views

CVE-2013-4941

CVE-2013-4941 describes a Cross-site scripting (XSS) vulnerability in uploader.swf (Uploader component) of Yahoo! YUI 3.2.0–3.9.1, which is used in Moodle up to specific versions. The flaw allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. The affected s...

4.3CVSS5.8AI score0.01187EPSS
CVE
CVE
added 2013/07/26 10:0 p.m.62 views

CVE-2013-4942

CVE-2013-4942 describes a cross-site scripting (XSS) vulnerability in flashuploader.swf, part of the Yahoo! YUI Uploader component (versions 3.5.0 through 3.9.1) that is used in Moodle up to various 2.x releases. The flaw allows remote attackers to inject arbitrary web script or HTML via a crafte...

4.3CVSS5.8AI score0.01187EPSS