PT-2010-5355 · Yahoo · Yui
Steven M. Christey
·
Publicado
2010-11-07
·
Atualizado
2011-02-05
·
CVE-2010-4207
CVSS v2.0
4.3
Média
| Vetor | AV:N/AC:M/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
YUI versions 2.4.0 through 2.8.1
Description
A cross-site scripting issue exists due to a vulnerability in the Flash component infrastructure. This allows remote attackers to inject arbitrary web script or HTML. The issue is related to vectors involving charts/assets/charts.swf.
Recommendations
For YUI versions 2.4.0 through 2.8.1, consider disabling the Flash component infrastructure as a temporary workaround until a patch is available. Restrict access to charts/assets/charts.swf to minimize the risk of exploitation.
Correção
XSS
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Yui