CVE-2012-5881
Publication date 16 November 2012
Last updated 24 July 2024
Ubuntu priority
Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to charts.swf, a similar issue to CVE-2010-4207.
Status
Package | Ubuntu Release | Status |
---|---|---|
maas | ||
18.04 LTS bionic |
Not affected
|
|
16.04 LTS xenial |
Not affected
|
|
14.04 LTS trusty | Not in release | |
yui | ||
18.04 LTS bionic | Not in release | |
16.04 LTS xenial |
Not affected
|
|
14.04 LTS trusty | Not in release | |
Notes
jdstrand
maas uses an embedded copy of yui 3.4.1 in 12.04 and portions of yui3 in 12.10 and higher per upstream, yui3 not affected