CVE-2013-4939 — Cross-site Scripting in YUI

CWE-79 — Cross-site Scripting6 documents5 sources

Severity

4.3MEDIUMNVD

EPSS

0.3%

top 45.75%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Yahoo YUI Moodle

Timeline

PublishedJul 29

Latest updateMay 13

Description

Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages3 packages

▶NVDmoodle/moodle36 versions+35

▶npmyahoo/yui< 3.10.3

▶NVDyahoo/yui22 versions+21

Patches

Patch: yuilibrary.com ↗Patch: yuilibrary.com ↗

🔴Vulnerability Details

GHSA

YUI Cross-site Scripting (XSS) vulnerability↗2022-05-13

▶

GHSA

Cross-Site Scripting in yui↗2020-09-01

▶

OSV

Cross-Site Scripting in yui↗2020-09-01

▶

CVEList

CVE-2013-4939: Cross-site scripting (XSS) vulnerability in io↗2013-07-26

▶

💬Community

Bugzilla

CVE-2013-2242 CVE-2013-2243 CVE-2013-2244 CVE-2013-2245 CVE-2013-2246 CVE-2013-4938 CVE-2013-4939 CVE-2013-4940 CVE-2013-4941 CVE-2013-4942 moodle: upstream 2.5.1, 2.4.5, 2.3.8, 2.2.11 security fixes↗2013-07-18

▶