CVSS: 6.1EPSS: 0%CPEs: 9EXPL: 3CVE-2013-6780 – Cisco Ironport AsyncOS Cross Site Scripting
https://notcve.org/view.php?id=CVE-2013-6780
13 Nov 2013 — Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via the allowedDomain parameter. Vulnerabilidad de XSS en uploader.swf en el componente Uploader de Yahoo! YUI 2.5.0 hasta la versión 2.9.0 permite a atacantes remotos inyectar script web o HTML arbitrario a través del parámetro allowedDomain. Cisco Ironport AsyncOS suffers from a cross site scripting vulnerability. • https://packetstorm.news/files/id/130527 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 14EXPL: 0CVE-2012-5881
https://notcve.org/view.php?id=CVE-2012-5881
16 Nov 2012 — Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to charts.swf, a similar issue to CVE-2010-4207. Una vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en la infraestructura del componente Flash en YUI v2.4.0 a v2.9.0 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores relacionados con charts.swf. Se trata de un pro... • http://www.securityfocus.com/bid/56385 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 14EXPL: 0CVE-2012-5882
https://notcve.org/view.php?id=CVE-2012-5882
16 Nov 2012 — Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader.swf, a similar issue to CVE-2010-4208. Una vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en la infraestructura del componente Flash en YUI v2.5.0 a v2.9.0 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores relacionados con uploader.swf. Se trata de un... • http://www.securityfocus.com/bid/56385 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 36EXPL: 0CVE-2012-5883
https://notcve.org/view.php?id=CVE-2012-5883
16 Nov 2012 — Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.9.0, as used in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, allows remote attackers to inject arbitrary web script or HTML via vectors related to swfstore.swf, a similar issue to CVE-2010-4209. Una vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en la infraestructura del componente Flash en YUI v2.8.0 a v2.9.0 tal y como se usa en ... • http://www.bugzilla.org/security/3.6.11 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 15EXPL: 0CVE-2010-4710
https://notcve.org/view.php?id=CVE-2010-4710
28 Jan 2011 — Cross-site scripting (XSS) vulnerability in the addItem method in the Menu widget in YUI before 2.9.0 allows remote attackers to inject arbitrary web script or HTML via a field that is added to a menu, related to documentation that specifies this field as a text field rather than an HTML field, a similar issue to CVE-2010-4569 and CVE-2010-4570. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el accesorio Menu en YUI anteriores a v2.9.0 permite a atacantes remotos inyectar ... • http://yuilibrary.com/forum/viewtopic.php?p=12923 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 1%CPEs: 10EXPL: 0CVE-2010-4207
https://notcve.org/view.php?id=CVE-2010-4207
07 Nov 2010 — Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.8.1, as used in Bugzilla, Moodle, and other products, allows remote attackers to inject arbitrary web script or HTML via vectors related to charts/assets/charts.swf. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en la infraestructura del componente de Flash en YUI v2.4.0 hasta v2.8.1, tal como se emplea en Bugzilla, Moodle y otros productos, permite a atacantes remotos inyec... • http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050813.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 1%CPEs: 9EXPL: 0CVE-2010-4208
https://notcve.org/view.php?id=CVE-2010-4208
07 Nov 2010 — Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.8.1, as used in Bugzilla, Moodle, and other products, allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader/assets/uploader.swf. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en la infraestructura del componente de Flash en YUI v2.5.0 hasta v2.8.1, tal como se emplea en Bugzilla, Moodle y otros productos, permite a atacantes remotos i... • http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050813.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 1%CPEs: 6EXPL: 0CVE-2010-4209
https://notcve.org/view.php?id=CVE-2010-4209
07 Nov 2010 — Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.8.1, as used in Bugzilla 3.7.1 through 3.7.3 and 4.1, allows remote attackers to inject arbitrary web script or HTML via vectors related to swfstore/swfstore.swf. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en la infraestructura del componente de Flash en YUI v2.8.0 hasta v2.8.1, tal como se emplea en Bugzilla v3.7.1 hasta v3.7.3 y v4.1, permite a atacantes remotos inyecta... • http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050813.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •