CVE-2012-5882

NameCVE-2012-5882
DescriptionCross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader.swf, a similar issue to CVE-2010-4208.
SourceCVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs693608, 694641

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
icinga-websource(unstable)1.7.1+dfsg2-6694641
yuisource(unstable)2.9.0.dfsg.0.1-0.1693608
yui3source(unstable)(not affected)

Notes

- yui3 <not-affected> (Vulnerable code not present)
[squeeze] - yui <no-dsa> (Minor issue, Flash not build from source in oldstable)
Search for package or bug name: Reporting problems