Cross-site Scripting Vulnerability in Yahoo! YUI Uploader Component
CVE-2013-6780

Currently unrated

Key Information:

Vendor: Yahoo
Status: Yui
Vendor: CVE Published:; 13 November 2013

What is CVE-2013-6780?

A cross-site scripting (XSS) vulnerability exists in the uploader.swf file of the Uploader component in Yahoo! YUI versions 2.5.0 through 2.9.0. This vulnerability allows remote attackers to inject arbitrary web scripts or HTML via the 'allowedDomain' parameter, potentially compromising user data and web application integrity. Successful exploitation could lead to unauthorized actions and expose sensitive information.

References

http://packetstormsecurity.com/files/130527/Cisco-Ironpor...

x_refsource_MISC

http://www.securitytracker.com/id/1029528

vdb-entryx_refsource_SECTRACK

http://openwall.com/lists/oss-security/2013/11/25/1

mailing-listx_refsource_MLIST

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 13, 2013
Vulnerability Reserved
Nov 12, 2013

CVE-2013-6780 Data

JSON