CVE-2010-4207

Description

Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.8.1, as used in Bugzilla, Moodle, and other products, allows remote attackers to inject arbitrary web script or HTML via vectors related to charts/assets/charts.swf.

Related CPE's

ayahooyui2.5.2*******

ayahooyui2.7.0*******

ayahooyui2.5.1*******

ayahooyui2.4.0*******

ayahooyui2.8.0*******

ayahooyui2.5.0*******

ayahooyui2.8.1*******

ayahooyui2.6.0*******

amoodlemoodle********

amozillabugzilla********

References

http://yuilibrary.com/support/2.8.2/

PatchVendor Advisory

http://moodle.org/mod/forum/discuss.php?d=160910

ADV-2010-2878

Vendor Advisory

41955

Vendor Advisory

http://www.bugzilla.org/security/3.2.8/

[oss-security] 20101107 Re: CVE request: moodle 1.9.10

1024683

FEDORA-2010-17235

FEDORA-2010-17274

20101103 Security Advisory for Bugzilla 3.2.8, 3.4.8, 3.6.2, and 3.7.3

42271

FEDORA-2010-17280

ADV-2010-2975

SUSE-SR:2010:021

44420

CvssV3 impact

Could not find any metrics

CvssV2 impact

Version

2.0

VectorString

AV:N/AC:M/Au:N/C:N/I:P/A:N

AccessVector

NETWORK

AccessComplexity

MEDIUM

Authentication

NONE

ConfidentialityImpact

NONE

IntegrityImpact

PARTIAL

AvailabilityImpact

NONE

BaseScore

4.300000190734863

Created by Yello
About Severity.io