Cross-site scripting (XSS) vulnerability in the addItem method in the Menu widget in YUI prior to 2.9.0 allows remote malicious users to inject arbitrary web script or HTML via a field that is added to a menu, related to documentation that specifies this field as a text field rather than an HTML field, a similar issue to CVE-2010-4569 and CVE-2010-4570.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
yahoo yui 2.4.0 |
||
yahoo yui 2.4.1 |
||
yahoo yui 2.5.2 |
||
yahoo yui 2.8.0 |
||
yahoo yui 2.2.0 |
||
yahoo yui 2.2.2 |
||
yahoo yui 2.5.0 |
||
yahoo yui 2.6.0 |
||
yahoo yui 2.3.0 |
||
yahoo yui 2.3.1 |
||
yahoo yui 2.7.0 |
||
yahoo yui 2.8.1 |
||
yahoo yui 2.5.1 |
||
yahoo yui |