CVE-2010-4207 Information

Description

Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.8.1, as used in Bugzilla, Moodle, and other products, allows remote attackers to inject arbitrary web script or HTML via vectors related to charts/assets/charts.swf.

Reference

http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050813.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050820.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050830.html
http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00005.html
http://moodle.org/mod/forum/discuss.php?d=160910
http://secunia.com/advisories/41955
http://secunia.com/advisories/42271
http://www.bugzilla.org/security/3.2.8/
http://www.openwall.com/lists/oss-security/2010/11/07/1
http://www.securityfocus.com/archive/1/514622
http://www.securityfocus.com/bid/44420
http://www.securitytracker.com/id?1024683
http://www.vupen.com/english/advisories/2010/2878
http://www.vupen.com/english/advisories/2010/2975
http://yuilibrary.com/support/2.8.2/
