Vulnerabilities > Yahoo

DATE CVE VULNERABILITY TITLE RISK

2013-07-29 CVE-2013-4940 Cross-Site Scripting vulnerability in multiple products
Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.
network
moodle yahoo CWE-79
4.3

2013-07-18 CVE-2013-4873 Credentials Management vulnerability in Yahoo Tumblr 3.4.0
The Yahoo! Tumblr app before 3.4.1 for iOS sends cleartext credentials, which allows remote attackers to obtain sensitive information by sniffing the network.
network
low complexity
yahoo CWE-255
5.0

2013-06-03 CVE-2013-2316 Address Bar Spoofing vulnerability in Yahoo! Browser for Android
The Yahoo! Browser application 1.4.4 and earlier for Android allows remote attackers to spoof the address bar via vectors related to URL display, a different vulnerability than CVE-2013-2307.
network
yahoo
5.8

2013-04-26 CVE-2013-2307 Address Bar Spoofing vulnerability in Yahoo Yahoo! Browser 1.2.0/1.4.2
The Yahoo! Browser application before 1.4.3 for Android allows remote attackers to spoof the address bar via a crafted web site.
network
yahoo
5.8

2012-11-16 CVE-2012-5883 Cross-Site Scripting vulnerability in multiple products
Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.9.0, as used in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, allows remote attackers to inject arbitrary web script or HTML via vectors related to swfstore.swf, a similar issue to CVE-2010-4209.
network
mozilla yahoo CWE-79
4.3

2012-11-16 CVE-2012-5882 Cross-Site Scripting vulnerability in Yahoo YUI
Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader.swf, a similar issue to CVE-2010-4208.
network
yahoo CWE-79
4.3

2012-11-16 CVE-2012-5881 Cross-Site Scripting vulnerability in Yahoo YUI
Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to charts.swf, a similar issue to CVE-2010-4207.
network
yahoo CWE-79
4.3

2012-07-31 CVE-2012-2647 Information Exposure vulnerability in Yahoo Toolbar 1.0.0.5
Yahoo! Toolbar 1.0.0.5 and earlier for Chrome and Safari allows remote attackers to modify the configured search URL, and intercept search terms, via a crafted web page.
5.8

2012-07-16 CVE-2012-2645 Information Exposure vulnerability in Yahoo Yahoo! Browser 1.2.0
The Yahoo! Japan Yahoo! Browser application 1.2.0 and earlier for Android does not properly implement the WebView class, which allows remote attackers to obtain sensitive information via a crafted application.
network
yahoo google CWE-200
4.3

2012-01-19 CVE-2012-0268 Numeric Errors vulnerability in Yahoo Messenger
Integer overflow in the CYImage::LoadJPG method in YImage.dll in Yahoo! Messenger before 11.5.0.155, when photo sharing is enabled, might allow remote attackers to execute arbitrary code via a crafted JPG image that triggers a heap-based buffer overflow.
network
high complexity
yahoo CWE-189
5.1