Back to search
CVE-2010-4208
Published: Nov 7, 2010
Modified: Aug 7, 2024
PUBLISHED
Description
Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.8.1, as used in Bugzilla, Moodle, and other products, allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader/assets/uploader.swf.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
http://moodle.org/mod/forum/discuss.php?d=160910
x_refsource_CONFIRM
FEDORA-2010-17280
vendor-advisory
x_refsource_FEDORA
http://yuilibrary.com/support/2.8.2/
x_refsource_CONFIRM
ADV-2010-2878
vdb-entry
x_refsource_VUPEN
20101103 Security Advisory for Bugzilla 3.2.8, 3.4.8, 3.6.2, and 3.7.3
mailing-list
x_refsource_BUGTRAQ
http://www.bugzilla.org/security/3.2.8/
x_refsource_CONFIRM
FEDORA-2010-17274
vendor-advisory
x_refsource_FEDORA
41955
third-party-advisory
x_refsource_SECUNIA
1024683
vdb-entry
x_refsource_SECTRACK
44420
vdb-entry
x_refsource_BID
SUSE-SR:2010:021
vendor-advisory
x_refsource_SUSE
FEDORA-2010-17235
vendor-advisory
x_refsource_FEDORA
ADV-2010-2975
vdb-entry
x_refsource_VUPEN
[oss-security] 20101107 Re: CVE request: moodle 1.9.10
mailing-list
x_refsource_MLIST
42271
third-party-advisory
x_refsource_SECUNIA
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now