Search
Search Results (69 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2010-4710 | 1 Yahoo | 1 Yui | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the addItem method in the Menu widget in YUI before 2.9.0 allows remote attackers to inject arbitrary web script or HTML via a field that is added to a menu, related to documentation that specifies this field as a text field rather than an HTML field, a similar issue to CVE-2010-4569 and CVE-2010-4570. | ||||
| CVE-2013-4699 | 1 Yahoo | 1 Yafuoku\! | 2025-04-11 | N/A |
| The Yahoo! Japan Yafuoku! application 4.3.0 and earlier for iOS and Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2012-5883 | 2 Mozilla, Yahoo | 2 Bugzilla, Yui | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.9.0, as used in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, allows remote attackers to inject arbitrary web script or HTML via vectors related to swfstore.swf, a similar issue to CVE-2010-4209. | ||||
| CVE-2013-2316 | 1 Yahoo | 1 Yahoo\! Browser | 2025-04-11 | N/A |
| The Yahoo! Browser application 1.4.4 and earlier for Android allows remote attackers to spoof the address bar via vectors related to URL display, a different vulnerability than CVE-2013-2307. | ||||
| CVE-2013-2307 | 1 Yahoo | 1 Yahoo\! Browser | 2025-04-11 | N/A |
| The Yahoo! Browser application before 1.4.3 for Android allows remote attackers to spoof the address bar via a crafted web site. | ||||
| CVE-2010-4208 | 3 Moodle, Mozilla, Yahoo | 3 Moodle, Bugzilla, Yui | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.8.1, as used in Bugzilla, Moodle, and other products, allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader/assets/uploader.swf. | ||||
| CVE-2013-6780 | 1 Yahoo | 1 Yui | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via the allowedDomain parameter. | ||||
| CVE-2010-4209 | 2 Mozilla, Yahoo | 2 Bugzilla, Yui | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.8.1, as used in Bugzilla 3.7.1 through 3.7.3 and 4.1, allows remote attackers to inject arbitrary web script or HTML via vectors related to swfstore/swfstore.swf. | ||||
| CVE-2019-6035 | 1 Yahoo | 1 Athenz | 2024-11-21 | 6.1 Medium |
| Open redirect vulnerability in Athenz v1.8.24 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted page. | ||||