CVE-2012-5882
NONE EPSS 82.0%
Published Nov 16, 201213y ago · Modified Jun 16, 20262w ago
Published Nov 16, 2012 13y ago
Last Modified Jun 16, 2026 2w ago
Description
Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader.swf, a similar issue to CVE-2010-4208.
Threat Intelligence
EPSS Exploit Probability
82.0% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Weaknesses 1
CWE-79 Cross-site Scripting Injection
Affected Products 14
References 4
- securityfocus.com http://www.securityfocus.com/bid/56385
- yuiblog.com http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/
- yuiblog.com http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/
- yuilibrary.com http://yuilibrary.com/support/20121030-vulnerability/
Remediation
- yuilibrary.com http://yuilibrary.com/support/20121030-vulnerability/