Description

Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.9.0, as used in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, allows remote attackers to inject arbitrary web script or HTML via vectors related to swfstore.swf, a similar issue to CVE-2010-4209.

Remediation

References

http://www.bugzilla.org/security/3.6.11/

http://www.mandriva.com/security/advisories?name=MDVSA-2013:066

http://www.securityfocus.com/bid/56385

http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/

http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/

http://yuilibrary.com/support/20121030-vulnerability/

https://bugzilla.mozilla.org/show_bug.cgi?id=808845

https://exchange.xforce.ibmcloud.com/vulnerabilities/80116

Related Vulnerabilities

CVE-2023-33264 Vulnerability in maven package com.hazelcast:hazelcast

CVE-2023-45137 Vulnerability in maven package org.xwiki.platform:xwiki-platform-web-templates

CVE-2019-15903 Vulnerability in npm package dbus

CVE-2011-1184 Vulnerability in maven package org.apache.tomcat.embed:tomcat-embed-core

CVE-2015-3337 Vulnerability in maven package org.elasticsearch:elasticsearch

Severity

Critical

Classification

CWE-79

Tags

Patch Vendor Advisory