PDA

View Full Version : Vulnerable Script on SBI?



Renk
11.02.19, 17:10
On my browser I have the addon Retire-js (https://addons.mozilla.org/en-US/firefox/addon/retire-js/), whose purpose is to detect vulnerable js librairies on sites.

On SBI, this addon informs me it has found a vulnérable script:
19857

Here are this vulnerability details:
https://www.cvedetails.com/cve/CVE-2012-5883/

Rebound
11.02.19, 23:35
It's a false positive. We are using the fixed uploader.swf since the exploit was published. But thanks for the report anyway. :)

anon
13.02.19, 02:55
Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.9.0, as used in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, allows remote attackers to inject arbitrary web script or HTML via vectors related to swfstore.swf, a similar issue to CVE-2010-4209.

Another reason not to have Flash Player installed, even if this vulnerability was first discovered eight years ago.