CVE-2010-4207
Description
Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.8.1, as used in Bugzilla, Moodle, and other products, allows remote attackers to inject arbitrary web script or HTML via vectors related to charts/assets/charts.swf.
Related CPE's
References
PatchVendor Advisory
Vendor Advisory
Vendor Advisory
CvssV3 impact
Could not find any metrics
CvssV2 impact
Version | 2.0 |
VectorString | AV:N/AC:M/Au:N/C:N/I:P/A:N |
AccessVector | NETWORK |
AccessComplexity | MEDIUM |
Authentication | NONE |
ConfidentialityImpact | NONE |
IntegrityImpact | PARTIAL |
AvailabilityImpact | NONE |
BaseScore | 4.300000190734863 |