CVE-2012-5881

medium

Description

Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to charts.swf, a similar issue to CVE-2010-4207.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/80118

http://yuilibrary.com/support/20121030-vulnerability/

http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/

http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/

http://www.securityfocus.com/bid/56385

Details

Source: Mitre, NVD

Published: 2012-11-16

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 5.4

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Severity: Medium