CVE-2010-4710

Priority
Negligible
Description
Cross-site scripting (XSS) vulnerability in the addItem method in the Menu
widget in YUI before 2.9.0 allows remote attackers to inject arbitrary web
script or HTML via a field that is added to a menu, related to
documentation that specifies this field as a text field rather than an HTML
field, a similar issue to CVE-2010-4569 and CVE-2010-4570.
References
Notes
jdstrand> documentation issue
Package
Source: yui (LP Ubuntu Debian)
Upstream:released (2.9.0)
Ubuntu 8.04 LTS (Hardy Heron):ignored (reached end-of-life)
Ubuntu 10.04 LTS (Lucid Lynx):ignored
Ubuntu 11.04 (Natty Narwhal):ignored
Ubuntu 11.10 (Oneiric Ocelot):ignored
Ubuntu 12.04 LTS (Precise Pangolin):ignored
More Information

Valid XHTML 1.0 Strict

Updated: 2012-06-01 15:21:41 UTC (commit 5347)