) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*
- CPE Name Search: true
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2013-6780 |
Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via the allowedDomain parameter. Published: November 13, 2013; 10:55:04 AM -0500 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
| CVE-2012-5883 |
Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.9.0, as used in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, allows remote attackers to inject arbitrary web script or HTML via vectors related to swfstore.swf, a similar issue to CVE-2010-4209. Published: November 16, 2012; 7:24:24 AM -0500 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
| CVE-2012-5882 |
Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader.swf, a similar issue to CVE-2010-4208. Published: November 16, 2012; 7:24:24 AM -0500 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
| CVE-2012-5881 |
Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to charts.swf, a similar issue to CVE-2010-4207. Published: November 16, 2012; 7:24:24 AM -0500 |
V3.x:(not available) V2.0: 4.3 MEDIUM |