CVE-2012-5883 — Cross-site Scripting in Mozilla Bugzilla

CWE-79 — Cross-site Scripting4 documents4 sources

Severity

4.3MEDIUMNVD

EPSS

0.6%

top 29.68%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Yahoo YUI Mozilla Bugzilla

Timeline

PublishedNov 16

Latest updateMay 17

Description

Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.9.0, as used in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, allows remote attackers to inject arbitrary web script or HTML via vectors related to swfstore.swf, a similar issue to CVE-2010-4209.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages3 packages

▶NVDmozilla/bugzilla25 versions+24

▶Ubuntuyahoo/yui< 2.9.0.dfsg.0.1-0.1

▶NVDyahoo/yui4 versions+3

Patches

Patch: yuilibrary.com ↗Patch: yuilibrary.com ↗

🔴Vulnerability Details

GHSA

GHSA-2jch-w7cm-rw24: Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2↗2022-05-17

▶

CVEList

CVE-2012-5883: Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2↗2012-11-16

▶

OSV

CVE-2012-5883: Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2↗2012-11-16

▶