Moderate severityNVD Advisory· Published Jul 29, 2013· Updated Apr 29, 2026
CVE-2013-4942
CVE-2013-4942
Description
Cross-site scripting (XSS) vulnerability in flashuploader.swf in the Uploader component in Yahoo! YUI 3.5.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
yuinpm | >= 3.2.0, <= 3.9.1 | — |
moodle/moodlePackagist | < 2.2.11 | 2.2.11 |
moodle/moodlePackagist | >= 2.3.0, < 2.3.8 | 2.3.8 |
moodle/moodlePackagist | >= 2.4.0-rc1, < 2.4.5 | 2.4.5 |
moodle/moodlePackagist | >= 2.5.0-beta, < 2.5.1 | 2.5.1 |
Affected products
50cpe:2.3:a:moodle:moodle:2.1.0:*:*:*:*:*:*:*+ 35 more
- cpe:2.3:a:moodle:moodle:2.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.5.0:*:*:*:*:*:*:*
cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*+ 13 more
- cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*
- cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*
- cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*
- cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*
- cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*
- cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*
- cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*
- cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*
- cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
5- yuilibrary.com/support/20130515-vulnerability/nvdPatchVendor Advisory
- github.com/advisories/GHSA-9ww8-j8j2-3788ghsaADVISORY
- moodle.org/mod/forum/discuss.phpnvdVendor AdvisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2013-4942ghsaADVISORY
- web.archive.org/web/20130909203912/http://yuilibrary.com/support/20130515-vulnerabilityghsaWEB
News mentions
0No linked articles in our index yet.