Description

Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.8.1, as used in Bugzilla, Moodle, and other products, allows remote attackers to inject arbitrary web script or HTML via vectors related to charts/assets/charts.swf.

Remediation

References

http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050813.html

http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050820.html

http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050830.html

http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00005.html

http://moodle.org/mod/forum/discuss.php?d=160910

http://secunia.com/advisories/41955

http://secunia.com/advisories/42271

http://www.bugzilla.org/security/3.2.8/

http://www.openwall.com/lists/oss-security/2010/11/07/1

http://www.securityfocus.com/archive/1/514622

http://www.securityfocus.com/bid/44420

http://www.securitytracker.com/id?1024683

http://www.vupen.com/english/advisories/2010/2878

http://www.vupen.com/english/advisories/2010/2975

http://yuilibrary.com/support/2.8.2/

Related Vulnerabilities

CVE-2014-0075 Vulnerability in maven package org.apache.tomcat:tomcat-coyote

CVE-2023-41886 Vulnerability in maven package org.openrefine:database

CVE-2011-1184 Vulnerability in maven package org.apache.tomcat:catalina

CVE-2020-9480 Vulnerability in maven package org.apache.spark:spark-network-shuffle_2.10

CVE-2020-2150 Vulnerability in maven package org.jenkins-ci.plugins:quality-gates

Severity

Critical

Classification

CWE-79

Tags

Vendor Advisory Patch