Description

Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.8.1, as used in Bugzilla, Moodle, and other products, allows remote attackers to inject arbitrary web script or HTML via vectors related to charts/assets/charts.swf.

Remediation

References

CVE-2010-4207

Related Vulnerabilities

WordPress Plugin TDO Mini Forms Arbitrary File Upload (0.13.9)

WordPress Plugin Picture Gallery-Frontend Image Uploads, AJAX Photo List Cross-Site Scripting (1.4.2)

Varnish Cache Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-0345)

WordPress Plugin Daily Prayer Time Cross-Site Scripting (2021.08.07)

Artifactory Missing Authorization Vulnerability (CVE-2019-10323)

Severity

Medium

Classification

CVE-2010-4207 CWE-707

Tags

Missing Update Known Vulnerabilities