Cross-Site Scripting Vulnerability in YUI 2.8 Affecting Bugzilla Products
CVE-2010-4209

Currently unrated

Key Information:

Vendor: Yahoo
Status: Yui
Vendor: CVE Published:; 7 November 2010

What is CVE-2010-4209?

The vulnerability in the Flash component infrastructure of YUI versions 2.8.0 to 2.8.1 allows attackers to perform cross-site scripting attacks by injecting arbitrary web scripts or HTML. This flaw is particularly pertinent within Bugzilla versions 3.7.1 to 3.7.3 and 4.1, exposing users to potential unauthorized access and manipulation of web content via malicious SWF files.

References

http://lists.fedoraproject.org/pipermail/package-announce...

vendor-advisoryx_refsource_FEDORA

http://yuilibrary.com/support/2.8.2/

x_refsource_CONFIRM

http://www.vupen.com/english/advisories/2010/2878

vdb-entryx_refsource_VUPEN

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 7, 2010
Vulnerability Reserved
Nov 7, 2010

CVE-2010-4209 Data

JSON

Yahoo

What is CVE-2010-4209?

References

Timeline