Cross-Site Scripting Vulnerability in Yahoo! YUI Affecting Moodle
CVE-2013-4942

Currently unrated

Key Information:

Vendor: Yahoo
Status: Yui; Moodle
Vendor: CVE Published:; 29 July 2013

What is CVE-2013-4942?

An XSS vulnerability exists in the flashuploader.swf component within Yahoo! YUI versions 3.5.0 to 3.9.1, affecting various Moodle versions. This flaw enables remote attackers to execute arbitrary web scripts or HTML by injecting a specially crafted string through a URL. As a result, potentially sensitive data may be compromised, and users can be subject to malicious actions taken by the injected scripts.

References

https://moodle.org/mod/forum/discuss.php?d=232496

x_refsource_CONFIRM

http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=...

x_refsource_CONFIRM

http://yuilibrary.com/support/20130515-vulnerability/

x_refsource_CONFIRM

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Jul 29, 2013

CVE-2013-4942 Data

JSON