{"id":"UBUNTU-CVE-2012-5881","details":"Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to charts.swf, a similar issue to CVE-2010-4207.","modified":"2025-07-16T08:10:37.903749Z","published":"2012-11-16T12:24:00Z","withdrawn":"2025-07-18T16:42:48Z","upstream":["CVE-2012-5881"],"references":[{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2012-5881"},{"type":"REPORT","url":"http://yuilibrary.com/support/20121030-vulnerability/"},{"type":"REPORT","url":"http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/"},{"type":"REPORT","url":"http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/"},{"type":"REPORT","url":"https://www.cve.org/CVERecord?id=CVE-2012-5881"}],"affected":[{"package":{"name":"yui","ecosystem":"Ubuntu:16.04:LTS","purl":"pkg:deb/ubuntu/yui@2.9.0.dfsg.0.1-0.1?arch=source&distro=xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.9.0.dfsg.0.1-0.1"}]}],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_name":"libjs-yui","binary_version":"2.9.0.dfsg.0.1-0.1"},{"binary_name":"libjs-yui-doc","binary_version":"2.9.0.dfsg.0.1-0.1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2012/UBUNTU-CVE-2012-5881.json"}}],"schema_version":"1.7.3","severity":[{"type":"Ubuntu","score":"medium"}]}