CVE-2012-5881Cross-site Scripting in YUI

CWE-79Cross-site Scripting5 documents4 sources
Severity
4.3MEDIUMNVD
EPSS
0.3%
top 50.73%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Yahoo YUI
Timeline
PublishedNov 16
Latest updateMay 17

Description

Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to charts.swf, a similar issue to CVE-2010-4207.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages2 packages

Ubuntuyahoo/yui< 2.9.0.dfsg.0.1-0.1
NVDyahoo/yui11 versions+10

Patches

Patch: yuilibrary.comPatch: yuilibrary.com

🔴Vulnerability Details

4
GHSA
Cross-site scripting in yui 2.4.02022-05-17
OSV
Cross-site scripting in yui 2.4.02022-05-17
OSV
CVE-2012-5881: Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 22012-11-16
CVEList
CVE-2012-5881: Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 22012-11-16
CVE-2012-5881 — Cross-site Scripting in Yahoo YUI | cvebase