Cross-Site Scripting Vulnerability in Yahoo! YUI Affecting Moodle
CVE-2013-4940

Currently unrated

Key Information:

Vendor: Yahoo
Status: Yui; Moodle
Vendor: CVE Published:; 29 July 2013

What is CVE-2013-4940?

A cross-site scripting vulnerability exists in the IO Utility component of Yahoo! YUI, impacting multiple versions of Moodle. This flaw allows remote attackers to exploit the vulnerability through specially crafted URLs that can inject arbitrary web scripts or HTML into affected pages. Users of Moodle with versions specified are urged to upgrade to secure versions to mitigate this risk. The vulnerability is rooted in a regression from a previous issue, highlighting the importance of diligent updates and security practices.

References

https://moodle.org/mod/forum/discuss.php?d=232496

x_refsource_CONFIRM

http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=...

x_refsource_CONFIRM

http://yuilibrary.com/support/20130515-vulnerability/

x_refsource_CONFIRM

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Jul 29, 2013

CVE-2013-4940 Data

JSON