CVE-2012-5882Cross-site Scripting in YUI

CWE-79Cross-site Scripting4 documents4 sources
Severity
4.3MEDIUMNVD
EPSS
0.3%
top 46.93%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Yahoo YUI
Timeline
PublishedNov 16
Latest updateMay 17

Description

Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader.swf, a similar issue to CVE-2010-4208.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages2 packages

Ubuntuyahoo/yui< 2.9.0.dfsg.0.1-0.1
NVDyahoo/yui11 versions+10

Patches

Patch: yuilibrary.comPatch: yuilibrary.com

🔴Vulnerability Details

3
GHSA
GHSA-x878-5xff-v777: Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 22022-05-17
CVEList
CVE-2012-5882: Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 22012-11-16
OSV
CVE-2012-5882: Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 22012-11-16
CVE-2012-5882 — Cross-site Scripting in Yahoo YUI | cvebase