CVE-2013-4942

NONE EPSS 64.1%
Published Jul 29, 201312y ago · Modified Jun 16, 20262w ago
Find Similar
Published Jul 29, 2013 12y ago
Last Modified Jun 16, 2026 2w ago

Description

Cross-site scripting (XSS) vulnerability in flashuploader.swf in the Uploader component in Yahoo! YUI 3.5.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.

Threat Intelligence

EPSS Exploit Probability
64.1% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-79 Cross-site Scripting Injection

Affected Products 50

VendorProductVersionRange
moodlemoodle2.1.0any
moodlemoodle2.1.1any
moodlemoodle2.1.2any
moodlemoodle2.1.3any
moodlemoodle2.1.4any
moodlemoodle2.1.5any
moodlemoodle2.1.6any
moodlemoodle2.1.7any
moodlemoodle2.1.8any
moodlemoodle2.1.9any
moodlemoodle2.1.10any
moodlemoodle2.2.0any
moodlemoodle2.2.1any
moodlemoodle2.2.2any
moodlemoodle2.2.3any
moodlemoodle2.2.4any
moodlemoodle2.2.5any
moodlemoodle2.2.6any
moodlemoodle2.2.7any
moodlemoodle2.2.8any
moodlemoodle2.2.9any
moodlemoodle2.2.10any
moodlemoodle2.3.0any
moodlemoodle2.3.1any
moodlemoodle2.3.2any
moodlemoodle2.3.3any
moodlemoodle2.3.4any
moodlemoodle2.3.5any
moodlemoodle2.3.6any
moodlemoodle2.3.7any
moodlemoodle2.4.0any
moodlemoodle2.4.1any
moodlemoodle2.4.2any
moodlemoodle2.4.3any
moodlemoodle2.4.4any
moodlemoodle2.5.0any
yahooyui3.5.0any
yahooyui3.5.1any
yahooyui3.6.0any
yahooyui3.7.0any
yahooyui3.7.1any
yahooyui3.7.2any
yahooyui3.7.3any
yahooyui3.8.0any
yahooyui3.8.1any
yahooyui3.9.0any
yahooyui3.9.1any
yahooyui3.10.0any
yahooyui3.10.1any
yahooyui3.10.2any

References 3

  • git.moodle.org http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678
  • yuilibrary.com http://yuilibrary.com/support/20130515-vulnerability/
    PatchVendor Advisory
  • moodle.org https://moodle.org/mod/forum/discuss.php?d=232496
    Vendor Advisory

Remediation

  • yuilibrary.com http://yuilibrary.com/support/20130515-vulnerability/
    PatchVendor Advisory