Description
Cross-site scripting (XSS) vulnerability in flashuploader.swf in the Uploader component in Yahoo! YUI 3.5.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.
References
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678
http://yuilibrary.com/support/20130515-vulnerability/
https://moodle.org/mod/forum/discuss.php?d=232496