CVE-2013-4942

EPSS 0.32%

YUI Cross-site Scripting (XSS) vulnerability

Published: 5/13/2022Modified: 4/12/2025

Description

Cross-site scripting (XSS) vulnerability in flashuploader.swf in the Uploader component in Yahoo! YUI 3.5.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.

Affected packages (2)

npm/yui>= 3.2.0, <= 3.9.1
Packagist/moodle/moodlefrom 0, < 2.2.11

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 4.0	—	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

References (4)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2013-4942
WEBhttp://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678
WEBhttps://moodle.org/mod/forum/discuss.php?d=232496
WEBhttps://web.archive.org/web/20130909203912/http://yuilibrary.com/support/20130515-vulnerability