CVE-2013-4939
EPSS 0.31%
Cross-Site Scripting in yui
Published: 9/1/2020
Modified: 11/8/2023
Also known as: GHSA-mj87-8xf8-fp4w
Description
Affected versions of `yui` are vulnerable to cross-site scripting in the `uploader.swf` and `io.swf` utilities, via script injection in the URL.

## Recommendation

YUI has published their recommendation to fix this issue. Their recommendation is to:

- Delete self-hosted copies of these files if you are not using them
- Use the Yahoo! CDN hosted files
- Use the patched files provided on the YUI Library [here](https://yuilibrary.com/support/20130515-vulnerability/#resolution).
Affected packages (1)
- npm/yui from 0, < 3.10.3
References (8)
- ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2013-4939
- WEB http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678
- WEB https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E
- WEB https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E
- WEB https://moodle.org/mod/forum/discuss.php?d=232496
- WEB https://www.npmjs.com/advisories/332
- WEB https://yuilibrary.com/support/20130515-vulnerability
- WEB http://yuilibrary.com/support/20130515-vulnerability