PT-2010-5357 · Yahoo+1 · Yui+1

Published: 2010-11-07 · Updated: 2011-02-05

CVE-2010-4209

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions

YUI versions 2.8.0 through 2.8.1
Bugzilla versions 3.7.1 through 3.7.3
Bugzilla version 4.1

Description

A cross-site scripting (XSS) issue exists in the Flash component infrastructure in YUI, as used in Bugzilla, allowing remote attackers to inject arbitrary web script or HTML via vectors related to swfstore/swfstore.swf.

Recommendations

For YUI versions 2.8.0 through 2.8.1, consider disabling the Flash component infrastructure until a patch is available. For Bugzilla versions 3.7.1 through 3.7.3, restrict access to the Flash component infrastructure to minimize the risk of exploitation. For Bugzilla version 4.1, avoid using the Flash component infrastructure in the affected versions until the issue is resolved.

Fix

XSS


Weakness Enumeration

Related Identifiers

CVE-2010-4209

Affected Products

Bugzilla
Yui