Description

Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader.swf, a similar issue to CVE-2010-4208.

Remediation

References

CVE-2012-5882

Related Vulnerabilities

phpMyFAQ Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-15809)

Envoy Proxy Always-Incorrect Control Flow Implementation Vulnerability (CVE-2022-21655)

WordPress Plugin Posts in Page Local File Inclusion (1.2.4)

WordPress Plugin User Domain Whitelist Multiple Vulnerabilities (1.4)

WordPress Plugin Import all XML, CSV & TXT into WordPress Unspecified Vulnerability (3.7.2)

Severity

Medium

Classification

CVE-2012-5882 CWE-707

Tags

Missing Update Known Vulnerabilities