WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2013-4942 Vulnerability in maven package org.webjars:yui

Description

Cross-site scripting (XSS) vulnerability in flashuploader.swf in the Uploader component in Yahoo! YUI 3.5.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.

Remediation

References

https://moodle.org/mod/forum/discuss.php?d=232496

http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678

http://yuilibrary.com/support/20130515-vulnerability/

Related Vulnerabilities

CVE-2019-1003039 Vulnerability in maven package org.jenkins-ci.plugins:appdynamics-dashboard

CVE-2023-50732 Vulnerability in maven package org.xwiki.platform:xwiki-platform-index-tree-macro

CVE-2022-41230 Vulnerability in maven package org.jenkins-ci.plugins:build-publisher

CVE-2023-32978 Vulnerability in maven package org.jenkins-ci.plugins:ldap

CVE-2019-8331 Vulnerability in maven package org.fujion.webjars:bootstrap

Severity

Critical

Classification

CWE-79

Tags

Vendor Advisory Patch