Description

Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via the allowedDomain parameter.

Remediation

References

CVE-2013-6780

Related Vulnerabilities

Apache Tomcat Generation of Error Message Containing Sensitive Information Vulnerability (CVE-2024-21733)

WordPress Plugin Moova for WooCommerce Cross-Site Scripting (3.5)

WordPress Plugin Store Locator for WordPress with Google Maps-LotsOfLocales SQL Injection (3.11)

WordPress Insecure Default Initialization of Resource Vulnerability (CVE-2017-5491)

WordPress Plugin Cherry Services List Information Disclosure (1.4.1)

Severity

Medium

Classification

CVE-2013-6780 CWE-707

Tags

Missing Update Known Vulnerabilities