CVE-2010-4208

Description

Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.8.1, as used in Bugzilla, Moodle, and other products, allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader/assets/uploader.swf.

Related CPE's

ayahooyui2.5.2*******

ayahooyui2.7.0*******

ayahooyui2.5.1*******

ayahooyui2.8.0*******

ayahooyui2.5.0*******

ayahooyui2.8.1*******

ayahooyui2.6.0*******

amoodlemoodle********

amozillabugzilla********

References

ADV-2010-2878

Vendor Advisory

41955

Vendor Advisory

http://yuilibrary.com/support/2.8.2/

PatchVendor Advisory

http://www.bugzilla.org/security/3.2.8/

Vendor Advisory

http://moodle.org/mod/forum/discuss.php?d=160910

[oss-security] 20101107 Re: CVE request: moodle 1.9.10

ADV-2010-2975

FEDORA-2010-17280

FEDORA-2010-17274

20101103 Security Advisory for Bugzilla 3.2.8, 3.4.8, 3.6.2, and 3.7.3

1024683

FEDORA-2010-17235

42271

SUSE-SR:2010:021

44420

CvssV3 impact

Could not find any metrics

CvssV2 impact

Version

2.0

VectorString

AV:N/AC:M/Au:N/C:N/I:P/A:N

AccessVector

NETWORK

AccessComplexity

MEDIUM

Authentication

NONE

ConfidentialityImpact

NONE

IntegrityImpact

PARTIAL

AvailabilityImpact

NONE

BaseScore

4.300000190734863

Created by Yello
About Severity.io