CVE-2013-6780 – Cisco Ironport AsyncOS Cross Site Scripting
https://notcve.org/view.php?id=CVE-2013-6780
Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via the allowedDomain parameter. Vulnerabilidad de XSS en uploader.swf en el componente Uploader de Yahoo! YUI 2.5.0 hasta la versión 2.9.0 permite a atacantes remotos inyectar script web o HTML arbitrario a través del parámetro allowedDomain. Cisco Ironport AsyncOS suffers from a cross site scripting vulnerability. • http://openwall.com/lists/oss-security/2013/11/25/1 http://packetstormsecurity.com/files/130527/Cisco-Ironport-AsyncOS-Cross-Site-Scripting.html http://www.securitytracker.com/id/1029528 https://yuilibrary.com/support/20131111-vulnerability • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2012-5883
https://notcve.org/view.php?id=CVE-2012-5883
Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.9.0, as used in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, allows remote attackers to inject arbitrary web script or HTML via vectors related to swfstore.swf, a similar issue to CVE-2010-4209. Una vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en la infraestructura del componente Flash en YUI v2.8.0 a v2.9.0 tal y como se usa en Bugzilla v3.7.x y v4.0.x antes de v4.0.9, v4.1.x y v4.2.x antes de v4.2.4 y v4.3.x y v4.4.x antes de v4.4rc1, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores relacionados con swfstore.swf. Se trata de un problema similar a CVE-2010-4209. • http://www.bugzilla.org/security/3.6.11 http://www.mandriva.com/security/advisories?name=MDVSA-2013:066 http://www.securityfocus.com/bid/56385 http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2 http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2 http://yuilibrary.com/support/20121030-vulnerability https://bugzilla.mozilla.org/show_bug.cgi?id=808845 https://exchange.xforce.ibmcloud.com/vulnerabilities/80116 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2012-5881
https://notcve.org/view.php?id=CVE-2012-5881
Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to charts.swf, a similar issue to CVE-2010-4207. Una vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en la infraestructura del componente Flash en YUI v2.4.0 a v2.9.0 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores relacionados con charts.swf. Se trata de un problema similar con CVE-2010-4207. • http://www.securityfocus.com/bid/56385 http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2 http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2 http://yuilibrary.com/support/20121030-vulnerability https://exchange.xforce.ibmcloud.com/vulnerabilities/80118 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2012-5882
https://notcve.org/view.php?id=CVE-2012-5882
Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader.swf, a similar issue to CVE-2010-4208. Una vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en la infraestructura del componente Flash en YUI v2.5.0 a v2.9.0 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores relacionados con uploader.swf. Se trata de un problema similar a CVE-2010-4208. • http://www.securityfocus.com/bid/56385 http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2 http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2 http://yuilibrary.com/support/20121030-vulnerability • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •