CVE-2013-6780 โ€” Cross-site Scripting in YUI

CWE-79 โ€” Cross-site Scripting9 documents5 sources
Severity
4.3MEDIUMNVD
EPSS
0.8%
top 26.33%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Yahoo YUI
Timeline
PublishedNov 13
Latest updateMay 17

Description

Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via the allowedDomain parameter.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

โ–ถNVDyahoo/yui9 versions+8

๐Ÿ”ดVulnerability Details

2
GHSA
GHSA-8795-rjrm-xjf7: Cross-site scripting (XSS) vulnerability in uploaderโ†—2022-05-17
โ–ถ
CVEList
CVE-2013-6780: Cross-site scripting (XSS) vulnerability in uploaderโ†—2013-11-13
โ–ถ

๐Ÿ“‹Vendor Advisories

1
Red Hat
XSS vulnerability in YUI 2.5.0 through 2.9.0โ†—2013-11-11
โ–ถ

๐Ÿ’ฌCommunity

5
Bugzilla
CVE-2013-6780 moodle: XSS vulnerability in YUI 2.5.0 through 2.9.0 [epel-5]โ†—2013-11-13
โ–ถ
Bugzilla
CVE-2013-6780 dojo: XSS vulnerability in YUI 2.5.0 through 2.9.0 [epel-all]โ†—2013-11-13
โ–ถ
Bugzilla
CVE-2013-6780 dojo: XSS vulnerability in YUI 2.5.0 through 2.9.0 [fedora-all]โ†—2013-11-13
โ–ถ
Bugzilla
CVE-2013-6780 moodle: XSS vulnerability in YUI 2.5.0 through 2.9.0 [fedora-18]โ†—2013-11-13
โ–ถ
Bugzilla
CVE-2013-6780 XSS vulnerability in YUI 2.5.0 through 2.9.0โ†—2013-11-13
โ–ถ
CVE-2013-6780 โ€” Cross-site Scripting in Yahoo YUI | cvebase