CVE-2013-4941 – yui

Package

Manager: npm
Name: yui
Vulnerable Version: >=3.2.0 <=3.9.1

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N/E:U/RL:O/RC:C

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

EPSS: 0.00322 pctl0.54624

Details

YUI Cross-site Scripting (XSS) vulnerability Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.

Metadata

Created: 2022-05-13T01:12:54Z
Modified: 2025-04-12T03:25:18Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-64r3-582j-frqm/GHSA-64r3-582j-frqm.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-64r3-582j-frqm
Finding: F008
Auto approve: 1