CVE-2010-4208

medium

Description

Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.8.1, as used in Bugzilla, Moodle, and other products, allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader/assets/uploader.swf.

References

http://yuilibrary.com/support/2.8.2/

http://www.vupen.com/english/advisories/2010/2975

http://www.vupen.com/english/advisories/2010/2878

http://www.securitytracker.com/id?1024683

http://www.securityfocus.com/bid/44420

http://www.securityfocus.com/archive/1/514622

http://www.openwall.com/lists/oss-security/2010/11/07/1

http://www.bugzilla.org/security/3.2.8/

http://secunia.com/advisories/42271

http://secunia.com/advisories/41955

http://moodle.org/mod/forum/discuss.php?d=160910

http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00005.html

http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050830.html

http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050820.html

http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050813.html

Details

Source: Mitre, NVD

Published: 2010-11-07

Updated: 2011-02-05

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 6.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Severity: Medium