Cross-Site Scripting Flaw in YUI Framework Affecting Various Products
CVE-2010-4207

Currently unrated

Key Information:

Vendor: Yahoo
Status: Yui
Vendor: CVE Published:; 7 November 2010

What is CVE-2010-4207?

A Cross-Site Scripting (XSS) vulnerability exists within the Flash component of the YUI framework, specifically from versions 2.4.0 to 2.8.1. This flaw allows attackers to exploit vulnerable web applications, such as Bugzilla and Moodle, by injecting arbitrary web scripts or HTML code through targeted vectors in charts/assets/charts.swf. If successful, these attacks can potentially compromise user data and lead to unauthorized actions within affected applications.

References

http://moodle.org/mod/forum/discuss.php?d=160910

x_refsource_CONFIRM

http://lists.fedoraproject.org/pipermail/package-announce...

vendor-advisoryx_refsource_FEDORA

http://yuilibrary.com/support/2.8.2/

x_refsource_CONFIRM

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 7, 2010
Vulnerability Reserved
Nov 7, 2010

CVE-2010-4207 Data

JSON

Yahoo

What is CVE-2010-4207?

References

Timeline