VDB
CVE-2010-4209
CVE-2010-4209
PUBLISHED
Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.8.1, as used in Bugzilla 3.7.1 through 3.7.3 and 4.1, allows remote attackers to inject arbitrary web script or HTML via vectors related to swfstore/swfstore.swf.
EPSS 2.77% · 86.3th percentile
Risk Scores
EPSS Score
2.77%
86.3th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:18.04:LTS | loggerhead | 0, 1.19~bzr479+dfsg-2 |
| Ubuntu:22.04:LTS | loggerhead | 0, 1.19~bzr511-1 |
| Ubuntu:24.04:LTS | loggerhead | 2.0.1+bzr541+ds-2, 0 |
| Ubuntu:16.04:LTS | webgui | 7.10.29-3, 0 |
| Ubuntu:16.04:LTS | loggerhead | 1.19~bzr479+dfsg-1, 0, 1.19~bzr479+dfsg-1ubuntu1 |
| Ubuntu:20.04:LTS | loggerhead | 1.19~bzr479+dfsg-3, 1.19~bzr494-1, 0 |
| Ubuntu:25.10 | loggerhead | *, 0 |
Exploit Intelligence
- FEDORA-2010-17280 (circl)
- http://yuilibrary.com/support/2.8.2/ (circl)
- ADV-2010-2878 (circl)
- 20101103 Security Advisory for Bugzilla 3.2.8, 3.4.8, 3.6.2, and 3.7.3 (circl)
- http://www.bugzilla.org/security/3.2.8/ (circl)
- FEDORA-2010-17274 (circl)
- 41955 (circl)
- 1024683 (circl)
- 44420 (circl)
- SUSE-SR:2010:021 (circl)
…and 4 more exploits
Timeline
- Nov 7, 2010 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 7, 2023 EPSS Score
- Aug 7, 2024 CVE Updated
- Mar 17, 2025 EPSS Score
- Mar 22, 2025 EPSS Score
- Apr 6, 2025 EPSS Score
- Apr 7, 2025 EPSS Score
- Apr 9, 2025 EPSS Score
- Apr 10, 2025 EPSS Score
- Apr 11, 2025 EPSS Score
- May 1, 2025 EPSS Score
References
- https://ubuntu.com/security/CVE-2010-4209 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2010-4209 third-party-advisory