WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2013-4942 Vulnerability in maven package org.webjars:yui

Description

Cross-site scripting (XSS) vulnerability in flashuploader.swf in the Uploader component in Yahoo! YUI 3.5.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.

Remediation

References

http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678

http://yuilibrary.com/support/20130515-vulnerability/

https://moodle.org/mod/forum/discuss.php?d=232496

Related Vulnerabilities

CVE-2023-46131 Vulnerability in maven package org.grails:grails-web-common

CVE-2017-16015 Vulnerability in npm package forms

CVE-2023-50728 Vulnerability in npm package @octokit/app

CVE-2018-1000615 Vulnerability in maven package org.onosproject:onos-ovsdb

CVE-2021-39152 Vulnerability in maven package com.thoughtworks.xstream:xstream

Severity

Critical

Classification

CWE-79

Tags

Patch Vendor Advisory