Description
Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.9.0, as used in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, allows remote attackers to inject arbitrary web script or HTML via vectors related to swfstore.swf, a similar issue to CVE-2010-4209.
Remediation
References
Related Vulnerabilities
WordPress Plugin Job Manager Multiple Cross-Site Scripting Vulnerabilities (0.7.18)
PrestaShop Improper Authentication Vulnerability (CVE-2021-21308)
WordPress Plugin Product Size charts for Woocommerce Unspecified Vulnerability (1.0)
Moodle Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2014-7836)