4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.003 Low
EPSS
Percentile
71.2%
Cross-site scripting (XSS) vulnerability in the Flash component
infrastructure in YUI 2.4.0 through 2.9.0 allows remote attackers to inject
arbitrary web script or HTML via vectors related to charts.swf, a similar
issue to CVE-2010-4207.
Author | Note |
---|---|
jdstrand | maas uses an embedded copy of yui 3.4.1 in 12.04 and portions of yui3 in 12.10 and higher per upstream, yui3 not affected |
www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/
www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/
yuilibrary.com/support/20121030-vulnerability/
launchpad.net/bugs/cve/CVE-2012-5881
nvd.nist.gov/vuln/detail/CVE-2012-5881
security-tracker.debian.org/tracker/CVE-2012-5881
www.cve.org/CVERecord?id=CVE-2012-5881