First published: Fri Nov 16 2012
Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.9.0, as used in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, allows remote attackers to inject arbitrary web script or HTML via vectors related to swfstore.swf, a similar issue to CVE-2010-4209.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Mozilla Bugzilla | =3.7 | |
Mozilla Bugzilla | =3.7.1 | |
Mozilla Bugzilla | =3.7.2 | |
Mozilla Bugzilla | =3.7.3 | |
Mozilla Bugzilla | =4.0 | |
Mozilla Bugzilla | =4.0-rc1 | |
Mozilla Bugzilla | =4.0-rc2 | |
Mozilla Bugzilla | =4.0.1 | |
Mozilla Bugzilla | =4.0.2 | |
Mozilla Bugzilla | =4.0.3 | |
Mozilla Bugzilla | =4.0.4 | |
Mozilla Bugzilla | =4.0.5 | |
Mozilla Bugzilla | =4.0.6 | |
Mozilla Bugzilla | =4.0.7 | |
Mozilla Bugzilla | =4.0.8 | |
Mozilla Bugzilla | =4.1 | |
Mozilla Bugzilla | =4.1.1 | |
Mozilla Bugzilla | =4.1.2 | |
Mozilla Bugzilla | =4.1.3 | |
Mozilla Bugzilla | =4.2 | |
Mozilla Bugzilla | =4.2-rc1 | |
Mozilla Bugzilla | =4.2-rc2 | |
Mozilla Bugzilla | =4.2.1 | |
Mozilla Bugzilla | =4.2.2 | |
Mozilla Bugzilla | =4.2.3 | |
Mozilla Bugzilla | =4.3 | |
Mozilla Bugzilla | =4.3.1 | |
Mozilla Bugzilla | =4.3.2 | |
Mozilla Bugzilla | =4.3.3 | |
Yahoo Yui | =2.8.0 | |
Yahoo Yui | =2.8.1 | |
Yahoo Yui | =2.8.1-pr1 | |
Yahoo Yui | =2.8.2 | |
Yahoo Yui | =2.9.0 | |
Yahoo Yui | =2.9.0-pr2 | |
Yahoo Yui | =2.9.0-pr4 | |
IBM Security Verify Access Docker | <=10.0.0 | |
CVE-2012-5883 is a cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI versions 2.8.0 through 2.9.0 and Bugzilla versions 3.7 through 4.3.3.
CVE-2012-5883 allows a remote attacker to execute malicious scripts in a victim's web browser, because the Flash component infrastructure in YUI and Bugzilla does not properly validate user-supplied input.
CVE-2012-5883 affects YUI versions 2.8.0 through 2.9.0 and Bugzilla versions 3.7 through 4.3.3.
CVE-2012-5883 has a severity rating of 4.3 (Medium).
To fix CVE-2012-5883, update YUI to a version later than 2.9.0 and Bugzilla to a version later than 4.3.3. On the older Bugzilla branches, the description above gives 4.0.9 and 4.2.4 as the first unaffected releases.