Moderate severityNVD Advisory· Published Jul 29, 2013· Updated Apr 29, 2026
CVE-2013-4941
CVE-2013-4941
Description
Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
yuinpm | >= 3.2.0, <= 3.9.1 | — |
moodle/moodlePackagist | < 2.2.11 | 2.2.11 |
moodle/moodlePackagist | >= 2.3.0, < 2.3.8 | 2.3.8 |
moodle/moodlePackagist | >= 2.4.0-rc1, < 2.4.5 | 2.4.5 |
moodle/moodlePackagist | >= 2.5.0-beta, < 2.5.1 | 2.5.1 |
Affected products
58cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*+ 35 more
- cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.5.0:*:*:*:*:*:*:*
cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*+ 21 more
- cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*
- cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*
- cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*
- cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*
- cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*
- cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*
- cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*
- cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*
- cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
5- yuilibrary.com/support/20130515-vulnerability/nvdVendor Advisory
- github.com/advisories/GHSA-64r3-582j-frqmghsaADVISORY
- moodle.org/mod/forum/discuss.phpnvdVendor AdvisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2013-4941ghsaADVISORY
- web.archive.org/web/20130909203912/http://yuilibrary.com/support/20130515-vulnerabilityghsaWEB
News mentions
0No linked articles in our index yet.