Описание
Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.8.1, as used in Bugzilla, Moodle, and other products, allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader/assets/uploader.swf.
| Релиз | Статус | Примечание |
|---|---|---|
| artful | DNE | |
| bionic | DNE | |
| cosmic | DNE | |
| dapper | DNE | |
| devel | DNE | |
| disco | DNE | |
| eoan | DNE | |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was not-affected [uses libjs-yui]] |
| esm-infra/focal | DNE | |
| focal | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| artful | ignored | end of life |
| bionic | ignored | end of standard support, was needs-triage |
| cosmic | ignored | end of life |
| dapper | DNE | |
| devel | needs-triage | |
| disco | ignored | end of life |
| eoan | ignored | end of life |
| esm-apps/bionic | needs-triage | |
| esm-apps/focal | needs-triage | |
| esm-apps/jammy | needs-triage |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| artful | not-affected | 2.2.2.dfsg-2 |
| bionic | not-affected | 2.2.2.dfsg-2 |
| cosmic | not-affected | 2.2.2.dfsg-2 |
| dapper | ignored | end of life |
| devel | DNE | |
| disco | not-affected | 2.2.2.dfsg-2 |
| eoan | not-affected | 2.2.2.dfsg-2 |
| esm-apps/bionic | not-affected | 2.2.2.dfsg-2 |
| esm-apps/xenial | not-affected | 2.2.2.dfsg-2 |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was not-affected [2.2.2.dfsg-2]] |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| artful | not-affected | uses libjs-yui |
| bionic | not-affected | uses libjs-yui |
| cosmic | not-affected | uses libjs-yui |
| dapper | DNE | |
| devel | DNE | |
| disco | not-affected | uses libjs-yui |
| eoan | not-affected | uses libjs-yui |
| esm-apps/bionic | not-affected | uses libjs-yui |
| esm-apps/focal | not-affected | uses libjs-yui |
| esm-apps/jammy | not-affected | uses libjs-yui |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| artful | DNE | |
| bionic | DNE | |
| cosmic | DNE | |
| dapper | DNE | |
| devel | DNE | |
| disco | DNE | |
| eoan | DNE | |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/focal | DNE | |
| focal | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| artful | DNE | |
| bionic | DNE | |
| cosmic | DNE | |
| dapper | DNE | |
| devel | DNE | |
| disco | DNE | |
| eoan | DNE | |
| esm-apps/xenial | needs-triage | |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was needs-triage] |
| esm-infra/focal | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| artful | DNE | |
| bionic | DNE | |
| cosmic | DNE | |
| dapper | DNE | |
| devel | DNE | |
| disco | DNE | |
| eoan | DNE | |
| esm-apps/xenial | not-affected | 2.8.2r1~squeeze-1 |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was not-affected [2.8.2r1~squeeze-1]] |
| esm-infra/focal | DNE |
Показывать по
Ссылки на источники
EPSS
4.3 Medium
CVSS2
Связанные уязвимости
Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.8.1, as used in Bugzilla, Moodle, and other products, allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader/assets/uploader.swf.
Cross-site scripting (XSS) vulnerability in the Flash component infras ...
Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.8.1, as used in Bugzilla, Moodle, and other products, allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader/assets/uploader.swf.
EPSS
4.3 Medium
CVSS2