XSS Vulnerability in YUI Menu Widget
CVE-2010-4710

Currently unrated

Key Information:

Vendor: Yahoo
Status: Yui
Vendor: CVE Published:; 28 January 2011

What is CVE-2010-4710?

A cross-site scripting (XSS) vulnerability exists in the addItem method of the Menu widget in YUI versions prior to 2.9.0. This flaw enables remote attackers to inject arbitrary web scripts or HTML into a field added to a menu. The issue arises because the affected documentation incorrectly categorizes this field as a text field, rather than specifying it as an HTML field. This vulnerability is similar to other previously reported issues within the framework, highlighting ongoing concerns regarding input validation.

References

http://yuilibrary.com/projects/yui2/ticket/2529231

x_refsource_CONFIRM

http://yuilibrary.com/projects/yui2/ticket/2529228

x_refsource_MISC

https://exchange.xforce.ibmcloud.com/vulnerabilities/65180

vdb-entryx_refsource_XF

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 28, 2011
Vulnerability Reserved
Jan 28, 2011

CVE-2010-4710 Data

JSON

Yahoo

What is CVE-2010-4710?

References

Timeline