Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 up to and including 2.9.0, as used in Bugzilla 3.7.x and 4.0.x prior to 4.0.9, 4.1.x and 4.2.x prior to 4.2.4, and 4.3.x and 4.4.x prior to 4.4rc1, allows remote malicious users to inject arbitrary web script or HTML via vectors related to swfstore.swf, a similar issue to CVE-2010-4209.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
yahoo yui 2.8.1 |
||
mozilla bugzilla 3.7.2 |
||
mozilla bugzilla 3.7 |
||
mozilla bugzilla 4.0.4 |
||
mozilla bugzilla 4.0.5 |
||
mozilla bugzilla 4.2.1 |
||
mozilla bugzilla 4.2.2 |
||
mozilla bugzilla 4.3.2 |
||
mozilla bugzilla 4.3.3 |
||
yahoo yui 2.8.0 |
||
mozilla bugzilla 3.7.3 |
||
mozilla bugzilla 3.7.1 |
||
mozilla bugzilla 4.0 |
||
mozilla bugzilla 4.0.8 |
||
mozilla bugzilla 4.0.7 |
||
mozilla bugzilla 4.1 |
||
mozilla bugzilla 4.1.3 |
||
mozilla bugzilla 4.3 |
||
mozilla bugzilla 4.3.1 |
||
yahoo yui 2.8.2 |
||
yahoo yui 2.9.0 |
||
mozilla bugzilla 4.0.2 |
||
mozilla bugzilla 4.0.3 |
||
mozilla bugzilla 4.2 |
||
mozilla bugzilla 4.0.6 |
||
mozilla bugzilla 4.0.1 |
||
mozilla bugzilla 4.1.1 |
||
mozilla bugzilla 4.1.2 |
||
mozilla bugzilla 4.2.3 |