CVE-2012-5882

NONE EPSS 82.0%
Published Nov 16, 201213y ago · Modified Jun 16, 20262w ago
Find Similar
Published Nov 16, 2012 13y ago
Last Modified Jun 16, 2026 2w ago

Description

Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader.swf, a similar issue to CVE-2010-4208.

Threat Intelligence

EPSS Exploit Probability
82.0% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-79 Cross-site Scripting Injection

Affected Products 14

VendorProductVersionRange
yahooyui2.4.0any
yahooyui2.4.1any
yahooyui2.5.0any
yahooyui2.5.1any
yahooyui2.5.2any
yahooyui2.6.0any
yahooyui2.7.0any
yahooyui2.8.0any
yahooyui2.8.1any
yahooyui2.8.1any
yahooyui2.8.2any
yahooyui2.9.0any
yahooyui2.9.0any
yahooyui2.9.0any

References 4

  • securityfocus.com http://www.securityfocus.com/bid/56385
  • yuiblog.com http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/
  • yuiblog.com http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/
  • yuilibrary.com http://yuilibrary.com/support/20121030-vulnerability/
    PatchVendor Advisory

Remediation

  • yuilibrary.com http://yuilibrary.com/support/20121030-vulnerability/
    PatchVendor Advisory