Vulnerabilities > Yahoo > Medium

DATE | CVE | VULNERABILITY TITLE | RISK

2019-12-26 | CVE-2019-6035 | Open Redirect vulnerability in Yahoo Athenz | 5.8
Open redirect vulnerability in Athenz v1.8.24 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted page.
network, yahoo, CWE-601

2014-09-11 | CVE-2014-5881 | Cryptographic Issues vulnerability in Yahoo Ybox 1.5.1 | 5.4
The Yahoo! Japan Box (aka jp.co.yahoo.android.ybox) application 1.5.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

2014-01-26 | CVE-2013-6853 | Cross-site Scripting vulnerability in Yahoo Toolbar 2.5.9.2013418100420/3.1.0.20130813024103 | 4.3
Cross-site scripting (XSS) vulnerability in clickstream.js in Y! Toolbar plugin for FireFox 3.1.0.20130813024103 for Mac, and 2.5.9.2013418100420 for Windows, allows remote attackers to inject arbitrary web script or HTML via a crafted URL that is stored by the victim.
network, yahoo, CWE-79

2013-11-13 | CVE-2013-6780 | Cross-Site Scripting vulnerability in Yahoo YUI | 4.3
Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via the allowedDomain parameter.
network, yahoo, CWE-79

2013-08-21 | CVE-2013-4700 | Cryptographic Issues vulnerability in Yahoo Japan Shopping 1.4 | 5.8
The Yahoo! Japan Shopping application 1.4 and earlier for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
network, yahoo, CWE-310

2013-08-21 | CVE-2013-4699 | Cryptographic Issues vulnerability in Yahoo Yafuoku! 4.3.0 | 5.8
The Yahoo! Japan Yafuoku! application 4.3.0 and earlier for iOS and Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
network, yahoo, CWE-310

2013-07-29 | CVE-2013-4942 | Cross-Site Scripting vulnerability in multiple products | 4.3
Cross-site scripting (XSS) vulnerability in flashuploader.swf in the Uploader component in Yahoo! YUI 3.5.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.
network, moodle, yahoo, CWE-79

2013-07-29 | CVE-2013-4941 | Cross-Site Scripting vulnerability in multiple products | 4.3
Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.
network, moodle, yahoo, CWE-79

2013-07-29 | CVE-2013-4940 | Cross-Site Scripting vulnerability in multiple products | 4.3
Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.
network, moodle, yahoo, CWE-79

2013-07-18 | CVE-2013-4873 | Credentials Management vulnerability in Yahoo Tumblr 3.4.0 | 5.0
The Yahoo! Tumblr app before 3.4.1 for iOS sends cleartext credentials, which allows remote attackers to obtain sensitive information by sniffing the network.
network, low complexity, yahoo, CWE-255