Cross-site Scripting Vulnerability in YUI by Yahoo! Affecting Bugzilla and Moodle
CVE-2010-4208

Currently unrated

Key Information:

Vendor: Yahoo
Status: Yui
Vendor: CVE Published:; 7 November 2010

What is CVE-2010-4208?

A cross-site scripting (XSS) vulnerability exists within the Flash component infrastructure of YUI versions 2.5.0 through 2.8.1. This flaw enables remote attackers to inject arbitrary web scripts or HTML code through specific vectors related to the uploader.swf file. Products relying on affected versions of YUI, such as Bugzilla and Moodle, may inadvertently expose users to harmful attacks, potentially leading to unauthorized access or data breaches.

References

http://moodle.org/mod/forum/discuss.php?d=160910

x_refsource_CONFIRM

http://lists.fedoraproject.org/pipermail/package-announce...

vendor-advisoryx_refsource_FEDORA

http://yuilibrary.com/support/2.8.2/

x_refsource_CONFIRM

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 7, 2010
Vulnerability Reserved
Nov 7, 2010

CVE-2010-4208 Data

JSON