Description

Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via the allowedDomain parameter.

Remediation

References

CVE-2013-6780

Related Vulnerabilities

WordPress Plugin WP Forum Server Multiple SQL Injection (1.6.5)

SharePoint Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-1148)

Magento Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-8227)

WordPress Plugin Flipbox-Awesomes Flip Boxes Image Overlay Security Bypass (2.6.0)

Horde remote code execution

Severity

Medium

Classification

CVE-2013-6780 CWE-707

Tags

Missing Update Known Vulnerabilities