Search Results (69 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2012-2645 2 Google, Yahoo 2 Android, Yahoo\! Browser 2025-04-11 N/A
The Yahoo! Japan Yahoo! Browser application 1.2.0 and earlier for Android does not properly implement the WebView class, which allows remote attackers to obtain sensitive information via a crafted application.
CVE-2012-2647 3 Apple, Google, Yahoo 3 Safari, Chrome, Toolbar 2025-04-11 N/A
Yahoo! Toolbar 1.0.0.5 and earlier for Chrome and Safari allows remote attackers to modify the configured search URL, and intercept search terms, via a crafted web page.
CVE-2013-6853 3 Apple, Mozilla, Yahoo 3 Macos, Firefox, Toolbar 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in clickstream.js in Y! Toolbar plugin for FireFox 3.1.0.20130813024103 for Mac, and 2.5.9.2013418100420 for Windows, allows remote attackers to inject arbitrary web script or HTML via a crafted URL that is stored by the victim.
CVE-2013-4873 1 Yahoo 1 Tumblr 2025-04-11 N/A
The Yahoo! Tumblr app before 3.4.1 for iOS sends cleartext credentials, which allows remote attackers to obtain sensitive information by sniffing the network.
CVE-2013-4942 2 Moodle, Yahoo 2 Moodle, Yui 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in flashuploader.swf in the Uploader component in Yahoo! YUI 3.5.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.
CVE-2013-4940 2 Moodle, Yahoo 2 Moodle, Yui 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.
CVE-2010-4710 1 Yahoo 1 Yui 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the addItem method in the Menu widget in YUI before 2.9.0 allows remote attackers to inject arbitrary web script or HTML via a field that is added to a menu, related to documentation that specifies this field as a text field rather than an HTML field, a similar issue to CVE-2010-4569 and CVE-2010-4570.
CVE-2013-4939 2 Moodle, Yahoo 2 Moodle, Yui 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.
CVE-2019-6035 1 Yahoo 1 Athenz 2024-11-21 6.1 Medium
Open redirect vulnerability in Athenz v1.8.24 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted page.