CVE-2012-5882

Name of the Vulnerable Software and Affected Versions YUI versions 2.5.0 through 2.9.0

Description A cross-site scripting (XSS) issue exists in the Flash component infrastructure, allowing remote attackers to inject arbitrary web script or HTML via vectors related to uploader.swf. This is similar to a previously identified issue.

Recommendations For YUI versions 2.5.0 through 2.9.0, consider disabling the Flash component infrastructure as a temporary workaround until a patch is available. Restrict access to the uploader.swf file to minimize the risk of exploitation.