Description

Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.9.0, as used in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, allows remote attackers to inject arbitrary web script or HTML via vectors related to swfstore.swf, a similar issue to CVE-2010-4209.

Remediation

References

CVE-2012-5883

Related Vulnerabilities

PHP Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2010-4700)

Oracle Database Server CVE-2008-2604 Vulnerability (CVE-2008-2604)

WordPress Plugin Page Animations And Transitions Unspecified Vulnerability (2.1.8)

MySQL CVE-2022-21638 Vulnerability (CVE-2022-21638)

Apache Tomcat Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2008-2370)

Severity

Medium

Classification

CVE-2012-5883 CWE-707

Tags

Missing Update Known Vulnerabilities