fkie_nvd - fkie_cve-2012-5881

fkie_cve-2012-5881

Vulnerability from fkie_nvd

Published

2012-11-16 12:24

Modified

2025-04-11 00:51

Severity ?

Summary

Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to charts.swf, a similar issue to CVE-2010-4207.

References

URL	Tags
cve@mitre.org	http://www.securityfocus.com/bid/56385
cve@mitre.org	http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/
cve@mitre.org	http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/	Vendor Advisory
cve@mitre.org	http://yuilibrary.com/support/20121030-vulnerability/	Patch
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/80118
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/56385
af854a3a-2127-422b-91ae-364da2661108	http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/
af854a3a-2127-422b-91ae-364da2661108	http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://yuilibrary.com/support/20121030-vulnerability/	Patch
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/80118

Impacted products

Vendor	Product	Version
yahoo	yui	2.4.0
yahoo	yui	2.4.1
yahoo	yui	2.5.0
yahoo	yui	2.5.1
yahoo	yui	2.5.2
yahoo	yui	2.6.0
yahoo	yui	2.7.0
yahoo	yui	2.8.0
yahoo	yui	2.8.1
yahoo	yui	2.8.1
yahoo	yui	2.8.2
yahoo	yui	2.9.0
yahoo	yui	2.9.0
yahoo	yui	2.9.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "50F634D1-01D7-4DA6-87F0-5B2DEEE5474D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E93863F6-0292-407A-A64F-A489ACB8AF14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9EF394F4-B2D5-4C7D-B4D8-06E534DAD4BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4401EEC-0283-4E44-BEBF-06649B6876B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "603CFB72-FE66-446C-8574-DED64A54BB78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB1CFBB7-8416-4910-918C-698DA28E963A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE7E6D30-7D9B-4D30-B47F-E1F7F6E6F8E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF48039A-91E3-46AB-9976-8E4B5F656B76",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B573788D-91EB-42A9-8E25-11B8F8483638",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*",
              "matchCriteriaId": "EE5171DD-4DD2-4E31-8AB3-79C3BF98631D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E123BE37-CAB5-4E39-A30A-FEE929D94B8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "15C1F0CF-A011-4299-8A9F-FE2B4005AAE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*",
              "matchCriteriaId": "7AB27623-B6A3-46D8-93E3-D284E46FF38D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*",
              "matchCriteriaId": "623A34B4-A44C-4B7A-B01E-18560D17659A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to charts.swf, a similar issue to CVE-2010-4207."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de ejecuci\u00f3n de comandos en sitios cruzados (XSS) en la infraestructura del componente Flash en YUI v2.4.0 a v2.9.0 permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de vectores relacionados con charts.swf. Se trata de un problema similar con CVE-2010-4207.\r\n"
    }
  ],
  "id": "CVE-2012-5881",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2012-11-16T12:24:24.807",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/56385"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://yuilibrary.com/support/20121030-vulnerability/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80118"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/56385"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://yuilibrary.com/support/20121030-vulnerability/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80118"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2012-5881 (GCVE-0-2012-5881)

Vulnerability from cvelistv5

Published

2012-11-16 11:00

Modified

2024-08-06 21:21