CVE-2010-4209
Published: 7 November 2010
Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.8.1, as used in Bugzilla 3.7.1 through 3.7.3 and 4.1, allows remote attackers to inject arbitrary web script or HTML via vectors related to swfstore/swfstore.swf.
Priority
Status
Package | Release | Status |
---|---|---|
jifty Launchpad, Ubuntu, Debian |
artful |
Does not exist
|
bionic |
Does not exist
|
|
cosmic |
Does not exist
|
|
dapper |
Does not exist
|
|
disco |
Does not exist
|
|
eoan |
Does not exist
|
|
focal |
Does not exist
|
|
groovy |
Does not exist
|
|
hardy |
Does not exist
|
|
hirsute |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
karmic |
Ignored
(end of life)
|
|
kinetic |
Does not exist
|
|
lucid |
Ignored
(end of life)
|
|
lunar |
Does not exist
|
|
maverick |
Not vulnerable
(uses libjs-yui)
|
|
natty |
Not vulnerable
(uses libjs-yui)
|
|
oneiric |
Not vulnerable
(uses libjs-yui)
|
|
precise |
Not vulnerable
(uses libjs-yui)
|
|
quantal |
Not vulnerable
(uses libjs-yui)
|
|
raring |
Not vulnerable
(uses libjs-yui)
|
|
saucy |
Not vulnerable
(uses libjs-yui)
|
|
trusty |
Does not exist
(trusty was not-affected [uses libjs-yui])
|
|
upstream |
Needs triage
|
|
utopic |
Does not exist
|
|
vivid |
Does not exist
|
|
wily |
Does not exist
|
|
xenial |
Does not exist
|
|
yakkety |
Does not exist
|
|
zesty |
Does not exist
|
|
mantic |
Does not exist
|
|
loggerhead Launchpad, Ubuntu, Debian |
artful |
Ignored
(end of life)
|
bionic |
Needs triage
|
|
kinetic |
Ignored
(end of life, was needs-triage)
|
|
cosmic |
Ignored
(end of life)
|
|
dapper |
Does not exist
|
|
disco |
Ignored
(end of life)
|
|
eoan |
Ignored
(end of life)
|
|
focal |
Needs triage
|
|
groovy |
Ignored
(end of life)
|
|
hardy |
Does not exist
|
|
hirsute |
Ignored
(end of life)
|
|
impish |
Ignored
(end of life)
|
|
jammy |
Needs triage
|
|
karmic |
Ignored
(end of life)
|
|
lucid |
Ignored
(end of life)
|
|
maverick |
Ignored
(end of life)
|
|
natty |
Ignored
(end of life)
|
|
oneiric |
Ignored
(end of life)
|
|
precise |
Ignored
(end of life)
|
|
quantal |
Ignored
(end of life)
|
|
raring |
Ignored
(end of life)
|
|
saucy |
Ignored
(end of life)
|
|
trusty |
Does not exist
(trusty was needs-triage)
|
|
upstream |
Needs triage
|
|
utopic |
Ignored
(end of life)
|
|
vivid |
Ignored
(end of life)
|
|
wily |
Ignored
(end of life)
|
|
xenial |
Needs triage
|
|
yakkety |
Ignored
(end of life)
|
|
zesty |
Ignored
(end of life)
|
|
mantic |
Needs triage
|
|
lunar |
Ignored
(end of life, was needs-triage)
|
|
otrs2 Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
artful |
Not vulnerable
(uses libjs-yui)
|
|
bionic |
Not vulnerable
(uses libjs-yui)
|
|
cosmic |
Not vulnerable
(uses libjs-yui)
|
|
disco |
Not vulnerable
(uses libjs-yui)
|
|
eoan |
Not vulnerable
(uses libjs-yui)
|
|
focal |
Not vulnerable
(uses libjs-yui)
|
|
groovy |
Not vulnerable
(uses libjs-yui)
|
|
hardy |
Ignored
(end of life)
|
|
hirsute |
Not vulnerable
(uses libjs-yui)
|
|
impish |
Not vulnerable
(uses libjs-yui)
|
|
jammy |
Not vulnerable
(uses libjs-yui)
|
|
karmic |
Ignored
(end of life)
|
|
kinetic |
Does not exist
|
|
lucid |
Ignored
(end of life)
|
|
lunar |
Does not exist
|
|
maverick |
Not vulnerable
(uses libjs-yui)
|
|
natty |
Not vulnerable
(uses libjs-yui)
|
|
oneiric |
Not vulnerable
(uses libjs-yui)
|
|
precise |
Not vulnerable
(uses libjs-yui)
|
|
quantal |
Not vulnerable
(uses libjs-yui)
|
|
raring |
Not vulnerable
(uses libjs-yui)
|
|
saucy |
Not vulnerable
(uses libjs-yui)
|
|
trusty |
Does not exist
(trusty was not-affected [uses libjs-yui])
|
|
upstream |
Needs triage
|
|
utopic |
Not vulnerable
(uses libjs-yui)
|
|
vivid |
Not vulnerable
(uses libjs-yui)
|
|
wily |
Not vulnerable
(uses libjs-yui)
|
|
xenial |
Not vulnerable
(uses libjs-yui)
|
|
yakkety |
Not vulnerable
(uses libjs-yui)
|
|
zesty |
Not vulnerable
(uses libjs-yui)
|
|
mantic |
Does not exist
|
|
moodle Launchpad, Ubuntu, Debian |
artful |
Not vulnerable
(uses libjs-yui)
|
bionic |
Not vulnerable
(uses libjs-yui)
|
|
cosmic |
Not vulnerable
(uses libjs-yui)
|
|
dapper |
Ignored
(end of life)
|
|
disco |
Not vulnerable
(uses libjs-yui)
|
|
eoan |
Not vulnerable
(uses libjs-yui)
|
|
focal |
Does not exist
|
|
groovy |
Does not exist
|
|
hardy |
Not vulnerable
(uses libjs-yui)
|
|
hirsute |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
karmic |
Not vulnerable
(uses libjs-yui)
|
|
kinetic |
Does not exist
|
|
lucid |
Not vulnerable
(uses libjs-yui)
|
|
lunar |
Does not exist
|
|
maverick |
Not vulnerable
(uses libjs-yui)
|
|
natty |
Not vulnerable
(uses libjs-yui)
|
|
oneiric |
Not vulnerable
(uses libjs-yui)
|
|
precise |
Not vulnerable
(uses libjs-yui)
|
|
quantal |
Not vulnerable
(uses libjs-yui)
|
|
raring |
Not vulnerable
(uses libjs-yui)
|
|
saucy |
Not vulnerable
(uses libjs-yui)
|
|
trusty |
Does not exist
(trusty was not-affected [uses libjs-yui])
|
|
upstream |
Released
(1.9.10)
|
|
utopic |
Not vulnerable
(uses libjs-yui)
|
|
vivid |
Not vulnerable
(uses libjs-yui)
|
|
wily |
Not vulnerable
(uses libjs-yui)
|
|
xenial |
Not vulnerable
(uses libjs-yui)
|
|
yakkety |
Not vulnerable
(uses libjs-yui)
|
|
zesty |
Not vulnerable
(uses libjs-yui)
|
|
mantic |
Does not exist
|
|
serendipity Launchpad, Ubuntu, Debian |
artful |
Does not exist
|
bionic |
Does not exist
|
|
cosmic |
Does not exist
|
|
dapper |
Does not exist
|
|
disco |
Does not exist
|
|
eoan |
Does not exist
|
|
focal |
Does not exist
|
|
groovy |
Does not exist
|
|
hardy |
Ignored
(end of life)
|
|
hirsute |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
karmic |
Ignored
(end of life)
|
|
kinetic |
Does not exist
|
|
lucid |
Ignored
(end of life)
|
|
lunar |
Does not exist
|
|
maverick |
Not vulnerable
(uses libjs-yui)
|
|
natty |
Not vulnerable
(uses libjs-yui)
|
|
oneiric |
Not vulnerable
(uses libjs-yui)
|
|
precise |
Not vulnerable
(uses libjs-yui)
|
|
quantal |
Not vulnerable
(uses libjs-yui)
|
|
raring |
Not vulnerable
(uses libjs-yui)
|
|
saucy |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Needs triage
|
|
utopic |
Does not exist
|
|
vivid |
Does not exist
|
|
wily |
Does not exist
|
|
xenial |
Does not exist
|
|
yakkety |
Does not exist
|
|
zesty |
Does not exist
|
|
mantic |
Does not exist
|
|
webgui Launchpad, Ubuntu, Debian |
artful |
Does not exist
|
bionic |
Does not exist
|
|
cosmic |
Does not exist
|
|
dapper |
Does not exist
|
|
disco |
Does not exist
|
|
eoan |
Does not exist
|
|
focal |
Does not exist
|
|
groovy |
Does not exist
|
|
hardy |
Does not exist
|
|
hirsute |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
karmic |
Ignored
(end of life)
|
|
kinetic |
Does not exist
|
|
lucid |
Ignored
(end of life)
|
|
lunar |
Does not exist
|
|
maverick |
Ignored
(end of life)
|
|
natty |
Ignored
(end of life)
|
|
oneiric |
Ignored
(end of life)
|
|
precise |
Ignored
(end of life)
|
|
quantal |
Ignored
(end of life)
|
|
raring |
Ignored
(end of life)
|
|
saucy |
Ignored
(end of life)
|
|
trusty |
Does not exist
(trusty was needs-triage)
|
|
upstream |
Needs triage
|
|
utopic |
Ignored
(end of life)
|
|
vivid |
Ignored
(end of life)
|
|
wily |
Ignored
(end of life)
|
|
xenial |
Needs triage
|
|
yakkety |
Does not exist
|
|
zesty |
Does not exist
|
|
mantic |
Does not exist
|
|
yui Launchpad, Ubuntu, Debian |
artful |
Does not exist
|
bionic |
Does not exist
|
|
cosmic |
Does not exist
|
|
dapper |
Does not exist
|
|
disco |
Does not exist
|
|
eoan |
Does not exist
|
|
focal |
Does not exist
|
|
groovy |
Does not exist
|
|
hardy |
Ignored
(end of life)
|
|
hirsute |
Does not exist
|
|
impish |
Does not exist
|
|
jammy |
Does not exist
|
|
karmic |
Ignored
(end of life)
|
|
kinetic |
Does not exist
|
|
lucid |
Ignored
(end of life)
|
|
lunar |
Does not exist
|
|
maverick |
Ignored
(end of life)
|
|
natty |
Not vulnerable
(2.8.2r1~squeeze-1)
|
|
oneiric |
Not vulnerable
(2.8.2r1~squeeze-1)
|
|
precise |
Not vulnerable
(2.8.2r1~squeeze-1)
|
|
quantal |
Not vulnerable
(2.8.2r1~squeeze-1)
|
|
raring |
Not vulnerable
(2.8.2r1~squeeze-1)
|
|
saucy |
Not vulnerable
(2.8.2r1~squeeze-1)
|
|
trusty |
Does not exist
(trusty was not-affected [2.8.2r1~squeeze-1])
|
|
upstream |
Released
(2.8.2r1~squeeze-1)
|
|
utopic |
Not vulnerable
(2.8.2r1~squeeze-1)
|
|
vivid |
Not vulnerable
(2.8.2r1~squeeze-1)
|
|
wily |
Not vulnerable
(2.8.2r1~squeeze-1)
|
|
xenial |
Not vulnerable
(2.8.2r1~squeeze-1)
|
|
yakkety |
Does not exist
|
|
zesty |
Does not exist
|
|
mantic |
Does not exist
|