CVE-2010-4710

YUI <2.9.0 - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in the addItem method in the Menu widget in YUI before 2.9.0 allows remote attackers to inject arbitrary web script or HTML via a field that is added to a menu, related to documentation that specifies this field as a text field rather than an HTML field, a similar issue to CVE-2010-4569 and CVE-2010-4570.

References (4)

[Various Sources] http://yuilibrary.com/forum/viewtopic.php?p=12923

[Various Sources] http://yuilibrary.com/projects/yui2/ticket/2529228

[Various Sources] http://yuilibrary.com/projects/yui2/ticket/2529231

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/65180

Scores

EPSS 0.0023

EPSS Percentile 46.0%

Classification

CWE

CWE-79

Status published

Affected Products (16)

yahoo/yui < 2.8.2

yahoo/yui

yahoo/yui

yahoo/yui

yahoo/yui

yahoo/yui

yahoo/yui

yahoo/yui

yahoo/yui

yahoo/yui

yahoo/yui

yahoo/yui

yahoo/yui

yahoo/yui

yahoo/yui

... and 1 more

Timeline

Published Jan 28, 2011

Tracked Since Feb 18, 2026