Vulnerability	Vulnerable Version
M Cross-site Scripting (XSS) `yui` is an open source JavaScript and CSS framework for building richly interactive web applications. Affected versions of the package are vulnerable to Cross-site Scripting (XSS) via `.swf` files, allowing arbitrary code injection into the hosting server. Notes: If your site loads YUI 2 from a CDN (yui.yahooapis.com, ajax.googleapis.com, etc.) and not from your own domain, you are not affected. YUI 3 is not affected by this issue. Whether or not your site uses the affected components, simply hosting an affected file means you are vulnerable. This vulnerability is similar to CVE-2010-4207. How to fix Cross-site Scripting (XSS)? Upgrade `yui` to version 3.0.0 or higher.	[2.4.0,3.0.0)

Cross-site Scripting (XSS)

yui is an open source JavaScript and CSS framework for building richly interactive web applications. Affected versions of the package are vulnerable to Cross-site Scripting (XSS) via .swf files, allowing arbitrary code injection into the hosting server.

Notes:

If your site loads YUI 2 from a CDN (yui.yahooapis.com, ajax.googleapis.com, etc.) and not from your own domain, you are not affected.
YUI 3 is not affected by this issue.
Whether or not your site uses the affected components, simply hosting an affected file means you are vulnerable.

This vulnerability is similar to CVE-2010-4207.

How to fix Cross-site Scripting (XSS)?

Upgrade yui to version 3.0.0 or higher.

[2.4.0,3.0.0)

Go back to all versions of this package