Soiaxx

**Name of the Vulnerable Software and Affected Versions** Yahoo! YUI versions 2.5.0 through 2.9.0 **Description** A cross-site scripting issue exists, allowing remote attackers to inject arbitrary web script or HTML. This is achieved via the `allowedDomain` parameter in the Uploader component, specifically in the uploader.swf file. **Recommendations** For Yahoo! YUI versions 2.5.0 through 2.9.0, consider restricting access to the uploader.swf file in the Uploader component until a fix is available. As a temporary workaround, avoid using the `allowedDomain` parameter in the affected component to minimize the risk of exploitation.