Cross-Site Scripting Vulnerability in Yahoo! YUI Affecting Moodle and Other Products
CVE-2013-4939

Currently unrated

Key Information:

Vendor: Yahoo
Status: Yui; Moodle
Vendor: CVE Published:; 29 July 2013

What is CVE-2013-4939?

An XSS vulnerability exists in the IO Utility component of Yahoo! YUI versions 3.0.0 through 3.9.1, which is utilized in various releases of Moodle. This vulnerability permits remote attackers to execute arbitrary web scripts or HTML by injecting crafted strings into URLs, potentially compromising user data and website integrity. It is crucial for administrators to update their YUI implementation and Moodle versions to mitigate this risk.

References

https://moodle.org/mod/forum/discuss.php?d=232496

x_refsource_CONFIRM

http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=...

x_refsource_CONFIRM

http://yuilibrary.com/support/20130515-vulnerability/

x_refsource_CONFIRM

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 29, 2013
Vulnerability Reserved
Jul 26, 2013

CVE-2013-4939 Data

JSON