Description

Cross-site scripting (XSS) vulnerability in the addItem method in the Menu widget in YUI before 2.9.0 allows remote attackers to inject arbitrary web script or HTML via a field that is added to a menu, related to documentation that specifies this field as a text field rather than an HTML field, a similar issue to CVE-2010-4569 and CVE-2010-4570.

Remediation

References

CVE-2010-4710

Related Vulnerabilities

WebLogic CVE-2020-5421 Vulnerability (CVE-2020-5421)

WordPress 4.9.x Directory Traversal (4.9 - 4.9.25)

WordPress Plugin OneSignal-Web Push Notifications Cross-Site Scripting (1.17.7)

WordPress Plugin Simple Membership Cross-Site Scripting (3.5.6)

Oracle HTTP Server CVE-2016-0671 Vulnerability (CVE-2016-0671)

Severity

Medium

Classification

CVE-2010-4710 CWE-707

Tags

Missing Update Known Vulnerabilities