CVE-2013-6780

Publication date

2013-11-13 15:00:00

Family

mitre

State

PUBLISHED

Description

Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via the allowedDomain parameter.