CVE-2012-5883
https://notcve.org/view.php?id=CVE-2012-5883
Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.9.0, as used in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, allows remote attackers to inject arbitrary web script or HTML via vectors related to swfstore.swf, a similar issue to CVE-2010-4209. Una vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en la infraestructura del componente Flash en YUI v2.8.0 a v2.9.0 tal y como se usa en Bugzilla v3.7.x y v4.0.x antes de v4.0.9, v4.1.x y v4.2.x antes de v4.2.4 y v4.3.x y v4.4.x antes de v4.4rc1, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores relacionados con swfstore.swf. Se trata de un problema similar a CVE-2010-4209. • http://www.bugzilla.org/security/3.6.11 http://www.mandriva.com/security/advisories?name=MDVSA-2013:066 http://www.securityfocus.com/bid/56385 http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2 http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2 http://yuilibrary.com/support/20121030-vulnerability https://bugzilla.mozilla.org/show_bug.cgi?id=808845 https://exchange.xforce.ibmcloud.com/vulnerabilities/80116 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2012-5881
https://notcve.org/view.php?id=CVE-2012-5881
Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to charts.swf, a similar issue to CVE-2010-4207. Una vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en la infraestructura del componente Flash en YUI v2.4.0 a v2.9.0 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores relacionados con charts.swf. Se trata de un problema similar con CVE-2010-4207. • http://www.securityfocus.com/bid/56385 http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2 http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2 http://yuilibrary.com/support/20121030-vulnerability https://exchange.xforce.ibmcloud.com/vulnerabilities/80118 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2012-5882
https://notcve.org/view.php?id=CVE-2012-5882
Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader.swf, a similar issue to CVE-2010-4208. Una vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en la infraestructura del componente Flash en YUI v2.5.0 a v2.9.0 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores relacionados con uploader.swf. Se trata de un problema similar a CVE-2010-4208. • http://www.securityfocus.com/bid/56385 http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2 http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2 http://yuilibrary.com/support/20121030-vulnerability • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2010-4710
https://notcve.org/view.php?id=CVE-2010-4710
Cross-site scripting (XSS) vulnerability in the addItem method in the Menu widget in YUI before 2.9.0 allows remote attackers to inject arbitrary web script or HTML via a field that is added to a menu, related to documentation that specifies this field as a text field rather than an HTML field, a similar issue to CVE-2010-4569 and CVE-2010-4570. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el accesorio Menu en YUI anteriores a v2.9.0 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de un campo que se añade al menú, relacionado con la documentación que especifica que es un campo de texto más que un campo HTML, problema similar a CVE-2010-4569 y CVE-2010-4570. • http://yuilibrary.com/forum/viewtopic.php?p=12923 http://yuilibrary.com/projects/yui2/ticket/2529228 http://yuilibrary.com/projects/yui2/ticket/2529231 https://exchange.xforce.ibmcloud.com/vulnerabilities/65180 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2010-4207
https://notcve.org/view.php?id=CVE-2010-4207
Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.8.1, as used in Bugzilla, Moodle, and other products, allows remote attackers to inject arbitrary web script or HTML via vectors related to charts/assets/charts.swf. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en la infraestructura del componente de Flash en YUI v2.4.0 hasta v2.8.1, tal como se emplea en Bugzilla, Moodle y otros productos, permite a atacantes remotos inyectar secuencias de comandos web o HTML mediante vectores relacionados con charts/assets/charts.swf. • http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050813.html http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050820.html http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050830.html http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00005.html http://moodle.org/mod/forum/discuss.php?d=160910 http://secunia.com/advisories/41955 http://secunia.com/advisories/42271 http://www.bugzilla.org/security/3.2.8 http://www& • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •