Cross-Site Scripting Vulnerability in Yahoo! YUI Affects Moodle and Other Products
CVE-2013-4941

Currently unrated

Key Information:

Vendor: Yahoo
Status: Yui; Moodle
Vendor: CVE Published:; 29 July 2013

What is CVE-2013-4941?

A cross-site scripting (XSS) vulnerability was discovered in the uploader.swf component of Yahoo! YUI versions 3.2.0 to 3.9.1. This issue affects various versions of Moodle and allows remote attackers to inject arbitrary web scripts or HTML content through specially crafted URLs. As a result, users may be exposed to malicious payloads, encouraging the need for immediate remediation.

References

https://moodle.org/mod/forum/discuss.php?d=232496

x_refsource_CONFIRM

http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=...

x_refsource_CONFIRM

http://yuilibrary.com/support/20130515-vulnerability/

x_refsource_CONFIRM

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Jul 29, 2013

CVE-2013-4941 Data

JSON