WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2013-4942 Vulnerability in maven package org.webjars:yui

Description

Cross-site scripting (XSS) vulnerability in flashuploader.swf in the Uploader component in Yahoo! YUI 3.5.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.

Remediation

References

http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678

http://yuilibrary.com/support/20130515-vulnerability/

https://moodle.org/mod/forum/discuss.php?d=232496

Related Vulnerabilities

CVE-2020-28500 Vulnerability in maven package org.fujion.webjars:lodash

CVE-2011-0013 Vulnerability in maven package org.apache.tomcat:tomcat-catalina

CVE-2022-22969 Vulnerability in maven package org.springframework.security.oauth:spring-security-oauth

CVE-2019-13173 Vulnerability in maven package org.webjars.npm:fstream

CVE-2013-4378 Vulnerability in maven package net.bull.javamelody:javamelody-core

Severity

Critical

Classification

CWE-79

Tags

Patch Vendor Advisory