FreeBSD : YUI JavaScript library -- JavaScript injection exploits in Flash components (aa4f86af-3172-11e2-ad21-20cf30e32f6d)

medium Nessus Plugin ID 63070

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

The YUI team reports:

Vulnerability in YUI 2.4.0 through YUI 2.9.0

An XSS vulnerability has been discovered in some YUI 2 .swf files from versions 2.4.0 through 2.9.0. This defect allows JavaScript injection exploits to be created against domains that host affected YUI .swf files.

If your site loads YUI 2 from a CDN (yui.yahooapis.com, ajax.googleapis.com, etc.) and not from your own domain, you are not affected. YUI 3 is not affected by this issue.

Solution

Update the affected package.

See Also

https://yuilibrary.com/support/20121030-vulnerability/

http://www.nessus.org/u?60dda5b0

Plugin Details

Severity: Medium

ID: 63070

File Name: freebsd_pkg_aa4f86af317211e2ad2120cf30e32f6d.nasl

Version: 1.7

Type: local

Published: 11/28/2012

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.0

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:yahoo-ui, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 11/27/2012

Vulnerability Publication Date: 10/30/2012

Reference Information

CVE: CVE-2012-5881, CVE-2012-5882