Affected versions of yui are vulnerable to cross-site scripting in the uploader.swf and io.swf utilities, via script injection in the URL.
YUI has published their recommendation to fix this issue.
Their recommendation is to:
| CPE | Name | Operator | Version |
|---|---|---|---|
| | yui | ge | 3.0.0 <=3.9.1 =3.10.2 |