CVE-2013-4939: XSS

First published: Fri Jul 26 2013(Updated: )

Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Moodle Moodle	=2.1.0
Moodle Moodle	=2.1.1
Moodle Moodle	=2.1.2
Moodle Moodle	=2.1.3
Moodle Moodle	=2.1.4
Moodle Moodle	=2.1.5
Moodle Moodle	=2.1.6
Moodle Moodle	=2.1.7
Moodle Moodle	=2.1.8
Moodle Moodle	=2.1.9
Moodle Moodle	=2.1.10
Moodle Moodle	=2.2.0
Moodle Moodle	=2.2.1
Moodle Moodle	=2.2.2
Moodle Moodle	=2.2.3
Moodle Moodle	=2.2.4
Moodle Moodle	=2.2.5
Moodle Moodle	=2.2.6
Moodle Moodle	=2.2.7
Moodle Moodle	=2.2.8
Moodle Moodle	=2.2.9
Moodle Moodle	=2.2.10
Moodle Moodle	=2.3.0
Moodle Moodle	=2.3.1
Moodle Moodle	=2.3.2
Moodle Moodle	=2.3.3
Moodle Moodle	=2.3.4
Moodle Moodle	=2.3.5
Moodle Moodle	=2.3.6
Moodle Moodle	=2.3.7
Moodle Moodle	=2.4.0
Moodle Moodle	=2.4.1
Moodle Moodle	=2.4.2
Moodle Moodle	=2.4.3
Moodle Moodle	=2.4.4
Moodle Moodle	=2.5.0
Yahoo Yui	=3.0.0
Yahoo Yui	=3.1.0
Yahoo Yui	=3.1.1
Yahoo Yui	=3.1.2
Yahoo Yui	=3.2.0
Yahoo Yui	=3.3.0
Yahoo Yui	=3.4.0
Yahoo Yui	=3.4.1
Yahoo Yui	=3.5.0
Yahoo Yui	=3.5.1
Yahoo Yui	=3.6.0
Yahoo Yui	=3.7.0
Yahoo Yui	=3.7.1
Yahoo Yui	=3.7.2
Yahoo Yui	=3.7.3
Yahoo Yui	=3.8.0
Yahoo Yui	=3.8.1
Yahoo Yui	=3.9.0
Yahoo Yui	=3.9.1
Yahoo Yui	=3.10.0
Yahoo Yui	=3.10.1
Yahoo Yui	=3.10.2

Remedy

http://yuilibrary.com/support/20130515-vulnerability/

Never miss a vulnerability like this again

Reference Links

collector/nvd-index
agent/references
agent/weakness
agent/severity
agent/author
agent/type
agent/event
agent/last-modified-date
agent/softwarecombine
agent/remedy
agent/description
agent/tags
agent/first-publish-date
collector/mitre-cve
source/MITRE
vendor/moodle
canonical/moodle moodle
version/moodle moodle/2.1.0
version/moodle moodle/2.1.1
version/moodle moodle/2.1.2
version/moodle moodle/2.1.3
version/moodle moodle/2.1.4
version/moodle moodle/2.1.5
version/moodle moodle/2.1.6
version/moodle moodle/2.1.7
version/moodle moodle/2.1.8
version/moodle moodle/2.1.9
version/moodle moodle/2.1.10
version/moodle moodle/2.2.0
version/moodle moodle/2.2.1
version/moodle moodle/2.2.2
version/moodle moodle/2.2.3
version/moodle moodle/2.2.4
version/moodle moodle/2.2.5
version/moodle moodle/2.2.6
version/moodle moodle/2.2.7
version/moodle moodle/2.2.8
version/moodle moodle/2.2.9
version/moodle moodle/2.2.10
version/moodle moodle/2.3.0
version/moodle moodle/2.3.1
version/moodle moodle/2.3.2
version/moodle moodle/2.3.3
version/moodle moodle/2.3.4
version/moodle moodle/2.3.5
version/moodle moodle/2.3.6
version/moodle moodle/2.3.7
version/moodle moodle/2.4.0
version/moodle moodle/2.4.1
version/moodle moodle/2.4.2
version/moodle moodle/2.4.3
version/moodle moodle/2.4.4
version/moodle moodle/2.5.0
vendor/yahoo
canonical/yahoo yui
version/yahoo yui/3.0.0
version/yahoo yui/3.1.0
version/yahoo yui/3.1.1
version/yahoo yui/3.1.2
version/yahoo yui/3.2.0
version/yahoo yui/3.3.0
version/yahoo yui/3.4.0
version/yahoo yui/3.4.1
version/yahoo yui/3.5.0
version/yahoo yui/3.5.1
version/yahoo yui/3.6.0
version/yahoo yui/3.7.0
version/yahoo yui/3.7.1
version/yahoo yui/3.7.2
version/yahoo yui/3.7.3
version/yahoo yui/3.8.0
version/yahoo yui/3.8.1
version/yahoo yui/3.9.0
version/yahoo yui/3.9.1
version/yahoo yui/3.10.0
version/yahoo yui/3.10.1
version/yahoo yui/3.10.2

CVE-2013-4939: XSS

Remedy

Never miss a vulnerability like this again

Reference Links

Company

Resources

Contact