CVE-2010-4208

Priority
Description
Cross-site scripting (XSS) vulnerability in the Flash component
infrastructure in YUI 2.5.0 through 2.8.1, as used in Bugzilla, Moodle, and
other products, allows remote attackers to inject arbitrary web script or
HTML via vectors related to uploader/assets/uploader.swf.
Notes
Package
Source: jifty (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was not-affected [uses libjs-yui])
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was not-affected [uses libjs-yui])
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Ubuntu 19.10 (Eoan Ermine):DNE
Ubuntu 20.04 (Focal Fossa):DNE
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was needs-triage)
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was needs-triage)
Ubuntu 16.04 LTS (Xenial Xerus):needs-triage
Ubuntu 18.04 LTS (Bionic Beaver):needs-triage
Ubuntu 19.04 (Disco Dingo):ignored (reached end-of-life)
Ubuntu 19.10 (Eoan Ermine):needs-triage
Ubuntu 20.04 (Focal Fossa):needs-triage
Package
Upstream:released (1.9.10)
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was needs-triage)
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was not-affected [2.2.2.dfsg-2])
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (2.2.2.dfsg-2)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (2.2.2.dfsg-2)
Ubuntu 19.04 (Disco Dingo):not-affected (2.2.2.dfsg-2)
Ubuntu 19.10 (Eoan Ermine):not-affected (2.2.2.dfsg-2)
Ubuntu 20.04 (Focal Fossa):not-affected (2.2.2.dfsg-2)
Package
Source: otrs2 (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was not-affected [uses libjs-yui])
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was not-affected [uses libjs-yui])
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (uses libjs-yui)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (uses libjs-yui)
Ubuntu 19.04 (Disco Dingo):not-affected (uses libjs-yui)
Ubuntu 19.10 (Eoan Ermine):not-affected (uses libjs-yui)
Ubuntu 20.04 (Focal Fossa):not-affected (uses libjs-yui)
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was not-affected [uses libjs-yui])
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Ubuntu 19.10 (Eoan Ermine):DNE
Ubuntu 20.04 (Focal Fossa):DNE
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was needs-triage)
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was needs-triage)
Ubuntu 16.04 LTS (Xenial Xerus):needs-triage
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Ubuntu 19.10 (Eoan Ermine):DNE
Ubuntu 20.04 (Focal Fossa):DNE
Package
Source: yui (LP Ubuntu Debian)
Upstream:released (2.8.2r1~squeeze-1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was not-affected [2.8.2r1~squeeze-1])
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was not-affected [2.8.2r1~squeeze-1])
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (2.8.2r1~squeeze-1)
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 19.04 (Disco Dingo):DNE
Ubuntu 19.10 (Eoan Ermine):DNE
Ubuntu 20.04 (Focal Fossa):DNE
More Information

Updated: 2020-01-23 20:16:51 UTC (commit b4629892d998f2ede31f59bb7508dc50a92ac664)