Description
Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.8.1, as used in Bugzilla, Moodle, and other products, allows remote attackers to inject arbitrary web script or HTML via vectors related to charts/assets/charts.swf.
Remediation
References
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050813.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050820.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050830.html
http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00005.html
http://moodle.org/mod/forum/discuss.php?d=160910
http://secunia.com/advisories/41955
http://secunia.com/advisories/42271
http://www.bugzilla.org/security/3.2.8/
http://www.openwall.com/lists/oss-security/2010/11/07/1
http://www.securityfocus.com/archive/1/514622
http://www.securityfocus.com/bid/44420
http://www.securitytracker.com/id?1024683
http://www.vupen.com/english/advisories/2010/2878
http://www.vupen.com/english/advisories/2010/2975
http://yuilibrary.com/support/2.8.2/
Related Vulnerabilities
CVE-2022-41236 Vulnerability in maven package org.jenkins-ci.plugins:security-inspector
CVE-2021-42340 Vulnerability in maven package org.apache.tomcat:tomcat-websocket
CVE-2022-29405 Vulnerability in maven package org.apache.archiva:archiva
CVE-2020-4066 Vulnerability in npm package limdu
CVE-2022-41928 Vulnerability in maven package org.xwiki.platform:xwiki-platform-attachment-ui