Description

Cross-site scripting (XSS) vulnerability in the addItem method in the Menu widget in YUI before 2.9.0 allows remote attackers to inject arbitrary web script or HTML via a field that is added to a menu, related to documentation that specifies this field as a text field rather than an HTML field, a similar issue to CVE-2010-4569 and CVE-2010-4570.

Remediation

References

CVE-2010-4710

Related Vulnerabilities

Apache HTTP Server CVE-2013-1862 Vulnerability (CVE-2013-1862)

WordPress Plugin IzeeChat-Live Chat Cross-Site Scripting (1.0)

WordPress Plugin WP Rollback Multiple Vulnerabilities (1.2.2)

WordPress Plugin MC4WP:Mailchimp for WordPress Cross-Site Scripting (2.2.7)

phpBB Server-Side Request Forgery (SSRF) Vulnerability (CVE-2017-1000419)

Severity

Medium

Classification

CVE-2010-4710 CWE-707

Tags

Missing Update Known Vulnerabilities