CVE-2013-4942 – yui

Package

Manager: npm
Name: yui
Vulnerable Version: >=3.2.0 <=3.9.1

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N/E:U/RL:O/RC:C

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

EPSS: 0.00322 pctl0.54624

Details

YUI Cross-site Scripting (XSS) vulnerability Cross-site scripting (XSS) vulnerability in flashuploader.swf in the Uploader component in Yahoo! YUI 3.5.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.

Metadata

Created: 2022-05-13T01:12:55Z
Modified: 2025-04-12T03:26:53Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-9ww8-j8j2-3788/GHSA-9ww8-j8j2-3788.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-9ww8-j8j2-3788
Finding: F008
Auto approve: 1