CVE-2013-4941
NONE EPSS 64.1%
Published Jul 29, 201312y ago · Modified Jun 16, 20262w ago
Published Jul 29, 2013 12y ago
Last Modified Jun 16, 2026 2w ago
Description
Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.
Threat Intelligence
EPSS Exploit Probability
64.1% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available
Weaknesses 1
CWE-79 Cross-site Scripting Injection
Affected Products 58
| Vendor | Product | Version | Range |
|---|---|---|---|
| moodle | moodle | 2.1.0 | any |
| moodle | moodle | 2.1.1 | any |
| moodle | moodle | 2.1.2 | any |
| moodle | moodle | 2.1.3 | any |
| moodle | moodle | 2.1.4 | any |
| moodle | moodle | 2.1.5 | any |
| moodle | moodle | 2.1.6 | any |
| moodle | moodle | 2.1.7 | any |
| moodle | moodle | 2.1.8 | any |
| moodle | moodle | 2.1.9 | any |
| moodle | moodle | 2.1.10 | any |
| moodle | moodle | 2.2.0 | any |
| moodle | moodle | 2.2.1 | any |
| moodle | moodle | 2.2.2 | any |
| moodle | moodle | 2.2.3 | any |
| moodle | moodle | 2.2.4 | any |
| moodle | moodle | 2.2.5 | any |
| moodle | moodle | 2.2.6 | any |
| moodle | moodle | 2.2.7 | any |
| moodle | moodle | 2.2.8 | any |
| moodle | moodle | 2.2.9 | any |
| moodle | moodle | 2.2.10 | any |
| moodle | moodle | 2.3.0 | any |
| moodle | moodle | 2.3.1 | any |
| moodle | moodle | 2.3.2 | any |
| moodle | moodle | 2.3.3 | any |
| moodle | moodle | 2.3.4 | any |
| moodle | moodle | 2.3.5 | any |
| moodle | moodle | 2.3.6 | any |
| moodle | moodle | 2.3.7 | any |
| moodle | moodle | 2.4.0 | any |
| moodle | moodle | 2.4.1 | any |
| moodle | moodle | 2.4.2 | any |
| moodle | moodle | 2.4.3 | any |
| moodle | moodle | 2.4.4 | any |
| moodle | moodle | 2.5.0 | any |
| yahoo | yui | 3.0.0 | any |
| yahoo | yui | 3.1.0 | any |
| yahoo | yui | 3.1.1 | any |
| yahoo | yui | 3.1.2 | any |
| yahoo | yui | 3.2.0 | any |
| yahoo | yui | 3.3.0 | any |
| yahoo | yui | 3.4.0 | any |
| yahoo | yui | 3.4.1 | any |
| yahoo | yui | 3.5.0 | any |
| yahoo | yui | 3.5.1 | any |
| yahoo | yui | 3.6.0 | any |
| yahoo | yui | 3.7.0 | any |
| yahoo | yui | 3.7.1 | any |
| yahoo | yui | 3.7.2 | any |
| yahoo | yui | 3.7.3 | any |
| yahoo | yui | 3.8.0 | any |
| yahoo | yui | 3.8.1 | any |
| yahoo | yui | 3.9.0 | any |
| yahoo | yui | 3.9.1 | any |
| yahoo | yui | 3.10.0 | any |
| yahoo | yui | 3.10.1 | any |
| yahoo | yui | 3.10.2 | any |
References 3
- git.moodle.org http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678
- yuilibrary.com http://yuilibrary.com/support/20130515-vulnerability/
- moodle.org https://moodle.org/mod/forum/discuss.php?d=232496
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.