From e4965b022a6a32306a1f06ba8ab215dc52fba3c2 Mon Sep 17 00:00:00 2001 From: Greg Larkin Date: Wed, 15 Dec 2010 23:48:53 +0000 Subject: - Document JavaScript injection exploits in Yahoo UI (YUI) library --- security/vuxml/vuln.xml | 34 ++++++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) (limited to 'security') diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 74c5b6776c02..7a7c3d42104b 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -34,6 +34,40 @@ Note: Please add new entries to the beginning of this file. --> + + YUI JavaScript library -- JavaScript injection exploits in Flash components + + + yahoo-ui + 2.8.2 + + + + +

The YUI team reports:

+
A security-related defect was introduced in the YUI 2 Flash + component infrastructure beginning with the YUI 2.4.0 release. + This defect allows JavaScript injection exploits to be created + against domains that host affected YUI .swf files.
+

+ + + + CVE-2010-4207 + CVE-2010-4208 + CVE-2010-4209 + http://www.yuiblog.com/blog/2010/10/25/yui-2-8-2-security-update/ + http://secunia.com/advisories/41955 + http://www.openwall.com/lists/oss-security/2010/11/07/1 + http://yuilibrary.com/support/2.8.2/ + + + 2010-10-25 + 2010-12-15 + + + php -- multiple vulnerabilities -- cgit v1.2.3