Cross-Site Scripting Vulnerability in YUI by Yahoo
CVE-2012-5882

Currently unrated

Key Information:

Vendor

Yahoo

Status
Yui
Vendor
CVE Published:
16 November 2012

What is CVE-2012-5882?

The vulnerability allows attackers to exploit a cross-site scripting (XSS) flaw in the Flash component infrastructure of YUI versions 2.5.0 through 2.9.0. By manipulating the uploader.swf file, remote attackers can inject arbitrary web scripts or HTML, posing serious security risks to applications utilizing these versions. Notably, this issue mirrors similar vulnerabilities identified in previous releases, creating potential exposure for web applications relying on YUI.

References

http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vu...
x_refsource_CONFIRM
http://www.yuiblog.com/blog/2012/10/30/security-announcem...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/56385
vdb-entryx_refsource_BID

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.