FreeBSD : YUI JavaScript library -- JavaScript injection exploits in Flash components (aa4f86af-3172-11e2-ad21-20cf30e32f6d)

Medium Nessus Plugin ID 63070


The remote FreeBSD host is missing a security-related update.


The YUI team reports:

Vulnerability in YUI 2.4.0 through YUI 2.9.0

A XSS vulnerability has been discovered in some YUI 2 .swf files from versions 2.4.0 through 2.9.0. This defect allows JavaScript injection exploits to be created against domains that host affected YUI .swf files.

If your site loads YUI 2 from a CDN (,, etc.) and not from your own domain, you are not affected. YUI 3 is not affected by this issue.


Update the affected package.

Plugin Details

Severity: Medium

ID: 63070

File Name: freebsd_pkg_aa4f86af317211e2ad2120cf30e32f6d.nasl

Version: $Revision: 1.3 $

Type: local

Published: 2012/11/28

Modified: 2013/06/22

Dependencies: 12634

Risk Information

Risk Factor: Medium


Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:yahoo-ui, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 2012/11/27

Vulnerability Publication Date: 2012/10/30

Reference Information

CVE: CVE-2012-5881, CVE-2012-5882