Forum OpenACS Development: YUI Vulnerability
I have drawn a sample and downloaded the charts.swf that is currently checked in in ajaxhelper. It turns out that it is an affected version (md5 checksum is listed as affected).
So, firstly, the files in CVS should be patched. Secondly, everyone who has these files on their servers should upgrade, whether or not these components are used!
All the best,
The general recommendation is to consider the phase out of YUI in OpenACS applications since the development of YUI has stopped (in 2014, [1,2]).