WEB APPLICATION VULNERABILITIES Standard & Premium

YUI Library Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2010-4208)

Description

Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.8.1, as used in Bugzilla, Moodle, and other products, allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader/assets/uploader.swf.

Remediation

References

Related Vulnerabilities

Jenkins Permissions, Privileges, and Access Controls Vulnerability (CVE-2015-1806)

WordPress Plugin WooCommerce Weight Based Shipping Cross-Site Request Forgery (5.4.1)

WordPress Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2008-0192)

WordPress Plugin Premium Addons for Elementor Cross-Site Scripting (3.7.2)

Mailman Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2021-44227)

Severity

Medium

Classification

CVE-2010-4208 CWE-707

Tags

Missing Update Known Vulnerabilities