Vulnerability Database
289,871
Total vulnerabilities in the database
CVE-2013-4939
Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.
| Software | From | Fixed in |
|---|---|---|
| yahoo / yui | 3.8.0 | 3.8.0.x |
| moodle / moodle | 2.3.4 | 2.3.4.x |
| yahoo / yui | 3.5.0 | 3.5.0.x |
| moodle / moodle | 2.2.2 | 2.2.2.x |
| yahoo / yui | 3.8.1 | 3.8.1.x |
| yahoo / yui | 3.6.0 | 3.6.0.x |
| yahoo / yui | 3.1.0 | 3.1.0.x |
| moodle / moodle | 2.3.1 | 2.3.1.x |
| moodle / moodle | 2.4.3 | 2.4.3.x |
| moodle / moodle | 2.4.1 | 2.4.1.x |
| yahoo / yui | 3.7.0 | 3.7.0.x |
| moodle / moodle | 2.2.9 | 2.2.9.x |
| moodle / moodle | 2.1.2 | 2.1.2.x |
| moodle / moodle | 2.4.2 | 2.4.2.x |
| moodle / moodle | 2.2.6 | 2.2.6.x |
| yahoo / yui | 3.10.0 | 3.10.0.x |
| yahoo / yui | 3.2.0 | 3.2.0.x |
| yahoo / yui | 3.7.2 | 3.7.2.x |
| moodle / moodle | 2.3.6 | 2.3.6.x |
| yahoo / yui | 3.9.0 | 3.9.0.x |
| moodle / moodle | 2.1.10 | 2.1.10.x |
| moodle / moodle | 2.1.8 | 2.1.8.x |
| yahoo / yui | 3.1.1 | 3.1.1.x |
| yahoo / yui | 3.7.1 | 3.7.1.x |
| moodle / moodle | 2.2.8 | 2.2.8.x |
| yahoo / yui | 3.10.1 | 3.10.1.x |
| yahoo / yui | 3.0.0 | 3.0.0.x |
| moodle / moodle | 2.1.9 | 2.1.9.x |
| yahoo / yui | 3.3.0 | 3.3.0.x |
| moodle / moodle | 2.3.5 | 2.3.5.x |
| moodle / moodle | 2.1.1 | 2.1.1.x |
| moodle / moodle | 2.4.4 | 2.4.4.x |
| moodle / moodle | 2.1.5 | 2.1.5.x |
| moodle / moodle | 2.1.6 | 2.1.6.x |
| yahoo / yui | 3.4.1 | 3.4.1.x |
| moodle / moodle | 2.3.3 | 2.3.3.x |
| yahoo / yui | 3.1.2 | 3.1.2.x |
| moodle / moodle | 2.1.3 | 2.1.3.x |
| moodle / moodle | 2.2.10 | 2.2.10.x |
| moodle / moodle | 2.2.1 | 2.2.1.x |
| yahoo / yui | 3.10.2 | 3.10.2.x |
| moodle / moodle | 2.2.7 | 2.2.7.x |
| moodle / moodle | 2.2.3 | 2.2.3.x |
| moodle / moodle | 2.2.5 | 2.2.5.x |
| yahoo / yui | 3.7.3 | 3.7.3.x |
| moodle / moodle | 2.3.7 | 2.3.7.x |
| yahoo / yui | 3.9.1 | 3.9.1.x |
| moodle / moodle | 2.1.7 | 2.1.7.x |
| yahoo / yui | 3.4.0 | 3.4.0.x |
| yahoo / yui | 3.5.1 | 3.5.1.x |
| moodle / moodle | 2.3.2 | 2.3.2.x |
| moodle / moodle | 2.2.4 | 2.2.4.x |
| moodle / moodle | 2.1.4 | 2.1.4.x |
| moodle / moodle | 2.1.0 | 2.1.0.x |
| moodle / moodle | 2.2.0 | 2.2.0.x |
| moodle / moodle | 2.3.0 | 2.3.0.x |
| moodle / moodle | 2.4.0 | 2.4.0.x |
| moodle / moodle | 2.5.0 | 2.5.0.x |
yui
|
- | 3.10.3 |
- http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678
- http://yuilibrary.com/support/20130515-vulnerability/
- https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E
- https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c%40%3Cissues.zookeeper.apache.org%3E
- https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E
- https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e%40%3Cdev.zookeeper.apache.org%3E
- https://moodle.org/mod/forum/discuss.php?d=232496
- https://www.npmjs.com/advisories/332
- https://yuilibrary.com/support/20130515-vulnerability/