Cross-site Scripting Vulnerability in YUI Flash Component
CVE-2012-5881

Currently unrated

Key Information:

Vendor: Yahoo
Status: Yui
Vendor: CVE Published:; 16 November 2012

What is CVE-2012-5881?

A cross-site scripting vulnerability exists in the Flash component infrastructure of YUI versions 2.4.0 to 2.9.0. This allows remote attackers to exploit the vulnerability and inject arbitrary web scripts or HTML into the affected applications. The specific issue is related to the handling of charts.swf, posing a risk similar to previous vulnerabilities. Such exploitation can lead to unauthorized access, data theft, or defacement of web content.

References

http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vu...

x_refsource_CONFIRM

http://www.yuiblog.com/blog/2012/10/30/security-announcem...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/56385

vdb-entryx_refsource_BID

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 16, 2012
Vulnerability Reserved
Nov 16, 2012

CVE-2012-5881 Data

JSON

Yahoo

What is CVE-2012-5881?

References

Timeline