Description

Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.8.1, as used in Bugzilla, Moodle, and other products, allows remote attackers to inject arbitrary web script or HTML via vectors related to charts/assets/charts.swf.

Remediation

References

http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050813.html

http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050820.html

http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050830.html

http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00005.html

http://moodle.org/mod/forum/discuss.php?d=160910

http://secunia.com/advisories/41955

http://secunia.com/advisories/42271

http://www.bugzilla.org/security/3.2.8/

http://www.openwall.com/lists/oss-security/2010/11/07/1

http://www.securityfocus.com/archive/1/514622

http://www.securityfocus.com/bid/44420

http://www.securitytracker.com/id?1024683

http://www.vupen.com/english/advisories/2010/2878

http://www.vupen.com/english/advisories/2010/2975

http://yuilibrary.com/support/2.8.2/

Related Vulnerabilities

CVE-2023-30517 Vulnerability in maven package io.jenkins.plugins:neuvector-vulnerability-scanner

CVE-2023-4853 Vulnerability in maven package io.quarkus:quarkus-undertow

CVE-2012-4431 Vulnerability in maven package org.apache.tomcat:tomcat-catalina

CVE-2020-28052 Vulnerability in maven package org.bouncycastle:bcprov-jdk15to18

CVE-2017-8443 Vulnerability in npm package kibana

Severity

Critical

Classification

CWE-79

Tags

Vendor Advisory Patch