{"id":"UBUNTU-CVE-2010-4208","details":"Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.8.1, as used in Bugzilla, Moodle, and other products, allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader/assets/uploader.swf.","modified":"2026-05-20T16:03:04.290500619Z","published":"2010-11-07T22:00:00Z","upstream":["CVE-2010-4208"],"references":[{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2010-4208"},{"type":"REPORT","url":"https://www.cve.org/CVERecord?id=CVE-2010-4208"}],"affected":[{"package":{"name":"loggerhead","ecosystem":"Ubuntu:16.04:LTS","purl":"pkg:deb/ubuntu/loggerhead?arch=source&distro=xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["1.19~bzr479+dfsg-1","1.19~bzr479+dfsg-1ubuntu1"],"ecosystem_specific":{"binaries":[{"binary_version":"1.19~bzr479+dfsg-1ubuntu1","binary_name":"loggerhead"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2010/UBUNTU-CVE-2010-4208.json"}},{"package":{"name":"webgui","ecosystem":"Ubuntu:16.04:LTS","purl":"pkg:deb/ubuntu/webgui?arch=source&distro=xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["7.10.29-3"],"ecosystem_specific":{"binaries":[{"binary_version":"7.10.29-3","binary_name":"webgui"},{"binary_name":"webgui-l10n-de","binary_version":"7.10.29-3"},{"binary_name":"webgui-l10n-es","binary_version":"7.10.29-3"},{"binary_name":"webgui-l10n-nl","binary_version":"7.10.29-3"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2010/UBUNTU-CVE-2010-4208.json"}},{"package":{"name":"loggerhead","ecosystem":"Ubuntu:18.04:LTS","purl":"pkg:deb/ubuntu/loggerhead?arch=source&distro=bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["1.19~bzr479+dfsg-2"],"ecosystem_specific":{"binaries":[{"binary_version":"1.19~bzr479+dfsg-2","binary_name":"loggerhead"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2010/UBUNTU-CVE-2010-4208.json"}},{"package":{"name":"loggerhead","ecosystem":"Ubuntu:20.04:LTS","purl":"pkg:deb/ubuntu/loggerhead?arch=source&distro=focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["1.19~bzr479+dfsg-3","1.19~bzr494-1"],"ecosystem_specific":{"binaries":[{"binary_version":"1.19~bzr494-1","binary_name":"loggerhead"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2010/UBUNTU-CVE-2010-4208.json"}},{"package":{"name":"loggerhead","ecosystem":"Ubuntu:22.04:LTS","purl":"pkg:deb/ubuntu/loggerhead?arch=source&distro=jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["1.19~bzr511-1"],"ecosystem_specific":{"binaries":[{"binary_name":"loggerhead","binary_version":"1.19~bzr511-1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2010/UBUNTU-CVE-2010-4208.json"}},{"package":{"name":"loggerhead","ecosystem":"Ubuntu:24.04:LTS","purl":"pkg:deb/ubuntu/loggerhead?arch=source&distro=noble"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["2.0.1+bzr541+ds-2"],"ecosystem_specific":{"binaries":[{"binary_version":"2.0.1+bzr541+ds-2","binary_name":"loggerhead"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2010/UBUNTU-CVE-2010-4208.json"}},{"package":{"name":"loggerhead","ecosystem":"Ubuntu:25.10","purl":"pkg:deb/ubuntu/loggerhead?arch=source&distro=questing"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["2.0.1+bzr548-1"],"ecosystem_specific":{"binaries":[{"binary_version":"2.0.1+bzr548-1","binary_name":"loggerhead"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2010/UBUNTU-CVE-2010-4208.json"}},{"package":{"name":"loggerhead","ecosystem":"Ubuntu:26.04:LTS","purl":"pkg:deb/ubuntu/loggerhead?arch=source&distro=resolute"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["2.0.1+bzr548-1","2.0.3-1","2.0.3-2","2.0.3-3"],"ecosystem_specific":{"binaries":[{"binary_version":"2.0.3-3","binary_name":"loggerhead"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2010/UBUNTU-CVE-2010-4208.json"}}],"schema_version":"1.7.5","severity":[{"type":"Ubuntu","score":"medium"}]}