Vulnerabilites related to yahoo - yui
CVE-2010-4209 (GCVE-0-2010-4209)
Vulnerability from cvelistv5
Published
2010-11-07 21:00
Modified
2024-08-07 03:34
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.8.1, as used in Bugzilla 3.7.1 through 3.7.3 and 4.1, allows remote attackers to inject arbitrary web script or HTML via vectors related to swfstore/swfstore.swf.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:34:37.795Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FEDORA-2010-17280",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050813.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://yuilibrary.com/support/2.8.2/"
},
{
"name": "ADV-2010-2878",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/2878"
},
{
"name": "20101103 Security Advisory for Bugzilla 3.2.8, 3.4.8, 3.6.2, and 3.7.3",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/514622"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.bugzilla.org/security/3.2.8/"
},
{
"name": "FEDORA-2010-17274",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050820.html"
},
{
"name": "41955",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/41955"
},
{
"name": "1024683",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1024683"
},
{
"name": "44420",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/44420"
},
{
"name": "SUSE-SR:2010:021",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00005.html"
},
{
"name": "FEDORA-2010-17235",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050830.html"
},
{
"name": "ADV-2010-2975",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/2975"
},
{
"name": "[oss-security] 20101107 Re: CVE request: moodle 1.9.10",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2010/11/07/1"
},
{
"name": "42271",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42271"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-10-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.8.1, as used in Bugzilla 3.7.1 through 3.7.3 and 4.1, allows remote attackers to inject arbitrary web script or HTML via vectors related to swfstore/swfstore.swf."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-11-10T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "FEDORA-2010-17280",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050813.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://yuilibrary.com/support/2.8.2/"
},
{
"name": "ADV-2010-2878",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/2878"
},
{
"name": "20101103 Security Advisory for Bugzilla 3.2.8, 3.4.8, 3.6.2, and 3.7.3",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/514622"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.bugzilla.org/security/3.2.8/"
},
{
"name": "FEDORA-2010-17274",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050820.html"
},
{
"name": "41955",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/41955"
},
{
"name": "1024683",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1024683"
},
{
"name": "44420",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/44420"
},
{
"name": "SUSE-SR:2010:021",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00005.html"
},
{
"name": "FEDORA-2010-17235",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050830.html"
},
{
"name": "ADV-2010-2975",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/2975"
},
{
"name": "[oss-security] 20101107 Re: CVE request: moodle 1.9.10",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2010/11/07/1"
},
{
"name": "42271",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42271"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4209",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.8.1, as used in Bugzilla 3.7.1 through 3.7.3 and 4.1, allows remote attackers to inject arbitrary web script or HTML via vectors related to swfstore/swfstore.swf."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2010-17280",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050813.html"
},
{
"name": "http://yuilibrary.com/support/2.8.2/",
"refsource": "CONFIRM",
"url": "http://yuilibrary.com/support/2.8.2/"
},
{
"name": "ADV-2010-2878",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2878"
},
{
"name": "20101103 Security Advisory for Bugzilla 3.2.8, 3.4.8, 3.6.2, and 3.7.3",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/514622"
},
{
"name": "http://www.bugzilla.org/security/3.2.8/",
"refsource": "CONFIRM",
"url": "http://www.bugzilla.org/security/3.2.8/"
},
{
"name": "FEDORA-2010-17274",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050820.html"
},
{
"name": "41955",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41955"
},
{
"name": "1024683",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024683"
},
{
"name": "44420",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/44420"
},
{
"name": "SUSE-SR:2010:021",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00005.html"
},
{
"name": "FEDORA-2010-17235",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050830.html"
},
{
"name": "ADV-2010-2975",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2975"
},
{
"name": "[oss-security] 20101107 Re: CVE request: moodle 1.9.10",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/11/07/1"
},
{
"name": "42271",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42271"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-4209",
"datePublished": "2010-11-07T21:00:00",
"dateReserved": "2010-11-07T00:00:00",
"dateUpdated": "2024-08-07T03:34:37.795Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-4942 (GCVE-0-2013-4942)
Vulnerability from cvelistv5
Published
2013-07-26 22:00
Modified
2024-09-16 17:15
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in flashuploader.swf in the Uploader component in Yahoo! YUI 3.5.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.
References
| ▼ | URL | Tags |
|---|---|---|
| https://moodle.org/mod/forum/discuss.php?d=232496 | x_refsource_CONFIRM | |
| http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678 | x_refsource_CONFIRM | |
| http://yuilibrary.com/support/20130515-vulnerability/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:59:40.673Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://moodle.org/mod/forum/discuss.php?d=232496"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.moodle.org/gw?p=moodle.git\u0026a=search\u0026h=HEAD\u0026st=commit\u0026s=MDL-39678"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://yuilibrary.com/support/20130515-vulnerability/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in flashuploader.swf in the Uploader component in Yahoo! YUI 3.5.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-07-26T22:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://moodle.org/mod/forum/discuss.php?d=232496"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.moodle.org/gw?p=moodle.git\u0026a=search\u0026h=HEAD\u0026st=commit\u0026s=MDL-39678"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://yuilibrary.com/support/20130515-vulnerability/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-4942",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in flashuploader.swf in the Uploader component in Yahoo! YUI 3.5.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://moodle.org/mod/forum/discuss.php?d=232496",
"refsource": "CONFIRM",
"url": "https://moodle.org/mod/forum/discuss.php?d=232496"
},
{
"name": "http://git.moodle.org/gw?p=moodle.git\u0026a=search\u0026h=HEAD\u0026st=commit\u0026s=MDL-39678",
"refsource": "CONFIRM",
"url": "http://git.moodle.org/gw?p=moodle.git\u0026a=search\u0026h=HEAD\u0026st=commit\u0026s=MDL-39678"
},
{
"name": "http://yuilibrary.com/support/20130515-vulnerability/",
"refsource": "CONFIRM",
"url": "http://yuilibrary.com/support/20130515-vulnerability/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-4942",
"datePublished": "2013-07-26T22:00:00Z",
"dateReserved": "2013-07-26T00:00:00Z",
"dateUpdated": "2024-09-16T17:15:23.118Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-4941 (GCVE-0-2013-4941)
Vulnerability from cvelistv5
Published
2013-07-26 22:00
Modified
2024-09-16 18:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.
References
| ▼ | URL | Tags |
|---|---|---|
| https://moodle.org/mod/forum/discuss.php?d=232496 | x_refsource_CONFIRM | |
| http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678 | x_refsource_CONFIRM | |
| http://yuilibrary.com/support/20130515-vulnerability/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:59:41.040Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://moodle.org/mod/forum/discuss.php?d=232496"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.moodle.org/gw?p=moodle.git\u0026a=search\u0026h=HEAD\u0026st=commit\u0026s=MDL-39678"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://yuilibrary.com/support/20130515-vulnerability/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-07-26T22:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://moodle.org/mod/forum/discuss.php?d=232496"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.moodle.org/gw?p=moodle.git\u0026a=search\u0026h=HEAD\u0026st=commit\u0026s=MDL-39678"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://yuilibrary.com/support/20130515-vulnerability/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-4941",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://moodle.org/mod/forum/discuss.php?d=232496",
"refsource": "CONFIRM",
"url": "https://moodle.org/mod/forum/discuss.php?d=232496"
},
{
"name": "http://git.moodle.org/gw?p=moodle.git\u0026a=search\u0026h=HEAD\u0026st=commit\u0026s=MDL-39678",
"refsource": "CONFIRM",
"url": "http://git.moodle.org/gw?p=moodle.git\u0026a=search\u0026h=HEAD\u0026st=commit\u0026s=MDL-39678"
},
{
"name": "http://yuilibrary.com/support/20130515-vulnerability/",
"refsource": "CONFIRM",
"url": "http://yuilibrary.com/support/20130515-vulnerability/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-4941",
"datePublished": "2013-07-26T22:00:00Z",
"dateReserved": "2013-07-26T00:00:00Z",
"dateUpdated": "2024-09-16T18:56:17.488Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-5882 (GCVE-0-2012-5882)
Vulnerability from cvelistv5
Published
2012-11-16 11:00
Modified
2024-08-06 21:21
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader.swf, a similar issue to CVE-2010-4208.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/ | x_refsource_CONFIRM | |
| http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/ | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/56385 | vdb-entry, x_refsource_BID | |
| http://yuilibrary.com/support/20121030-vulnerability/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:21:28.339Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/"
},
{
"name": "56385",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/56385"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://yuilibrary.com/support/20121030-vulnerability/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-10-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader.swf, a similar issue to CVE-2010-4208."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-04-20T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/"
},
{
"name": "56385",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/56385"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://yuilibrary.com/support/20121030-vulnerability/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-5882",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader.swf, a similar issue to CVE-2010-4208."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/",
"refsource": "CONFIRM",
"url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/"
},
{
"name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/",
"refsource": "CONFIRM",
"url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/"
},
{
"name": "56385",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/56385"
},
{
"name": "http://yuilibrary.com/support/20121030-vulnerability/",
"refsource": "CONFIRM",
"url": "http://yuilibrary.com/support/20121030-vulnerability/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-5882",
"datePublished": "2012-11-16T11:00:00",
"dateReserved": "2012-11-16T00:00:00",
"dateUpdated": "2024-08-06T21:21:28.339Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-4710 (GCVE-0-2010-4710)
Vulnerability from cvelistv5
Published
2011-01-28 20:29
Modified
2024-08-07 03:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in the addItem method in the Menu widget in YUI before 2.9.0 allows remote attackers to inject arbitrary web script or HTML via a field that is added to a menu, related to documentation that specifies this field as a text field rather than an HTML field, a similar issue to CVE-2010-4569 and CVE-2010-4570.
References
| ▼ | URL | Tags |
|---|---|---|
| http://yuilibrary.com/projects/yui2/ticket/2529231 | x_refsource_CONFIRM | |
| http://yuilibrary.com/projects/yui2/ticket/2529228 | x_refsource_MISC | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/65180 | vdb-entry, x_refsource_XF | |
| http://yuilibrary.com/forum/viewtopic.php?p=12923 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:55:35.210Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://yuilibrary.com/projects/yui2/ticket/2529231"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://yuilibrary.com/projects/yui2/ticket/2529228"
},
{
"name": "yui-additem-xss(65180)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65180"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://yuilibrary.com/forum/viewtopic.php?p=12923"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-12-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the addItem method in the Menu widget in YUI before 2.9.0 allows remote attackers to inject arbitrary web script or HTML via a field that is added to a menu, related to documentation that specifies this field as a text field rather than an HTML field, a similar issue to CVE-2010-4569 and CVE-2010-4570."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://yuilibrary.com/projects/yui2/ticket/2529231"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://yuilibrary.com/projects/yui2/ticket/2529228"
},
{
"name": "yui-additem-xss(65180)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65180"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://yuilibrary.com/forum/viewtopic.php?p=12923"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4710",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the addItem method in the Menu widget in YUI before 2.9.0 allows remote attackers to inject arbitrary web script or HTML via a field that is added to a menu, related to documentation that specifies this field as a text field rather than an HTML field, a similar issue to CVE-2010-4569 and CVE-2010-4570."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://yuilibrary.com/projects/yui2/ticket/2529231",
"refsource": "CONFIRM",
"url": "http://yuilibrary.com/projects/yui2/ticket/2529231"
},
{
"name": "http://yuilibrary.com/projects/yui2/ticket/2529228",
"refsource": "MISC",
"url": "http://yuilibrary.com/projects/yui2/ticket/2529228"
},
{
"name": "yui-additem-xss(65180)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65180"
},
{
"name": "http://yuilibrary.com/forum/viewtopic.php?p=12923",
"refsource": "MISC",
"url": "http://yuilibrary.com/forum/viewtopic.php?p=12923"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-4710",
"datePublished": "2011-01-28T20:29:00",
"dateReserved": "2011-01-28T00:00:00",
"dateUpdated": "2024-08-07T03:55:35.210Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-4939 (GCVE-0-2013-4939)
Vulnerability from cvelistv5
Published
2013-07-26 22:00
Modified
2024-08-06 16:59
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.
References
| ▼ | URL | Tags |
|---|---|---|
| https://moodle.org/mod/forum/discuss.php?d=232496 | x_refsource_CONFIRM | |
| http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678 | x_refsource_CONFIRM | |
| http://yuilibrary.com/support/20130515-vulnerability/ | x_refsource_CONFIRM | |
| https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e%40%3Cdev.zookeeper.apache.org%3E | mailing-list, x_refsource_MLIST | |
| https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c%40%3Cissues.zookeeper.apache.org%3E | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:59:41.183Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://moodle.org/mod/forum/discuss.php?d=232496"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.moodle.org/gw?p=moodle.git\u0026a=search\u0026h=HEAD\u0026st=commit\u0026s=MDL-39678"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://yuilibrary.com/support/20130515-vulnerability/"
},
{
"name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e%40%3Cdev.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c%40%3Cissues.zookeeper.apache.org%3E"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-05-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-07T18:06:40",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://moodle.org/mod/forum/discuss.php?d=232496"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.moodle.org/gw?p=moodle.git\u0026a=search\u0026h=HEAD\u0026st=commit\u0026s=MDL-39678"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://yuilibrary.com/support/20130515-vulnerability/"
},
{
"name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e%40%3Cdev.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c%40%3Cissues.zookeeper.apache.org%3E"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-4939",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://moodle.org/mod/forum/discuss.php?d=232496",
"refsource": "CONFIRM",
"url": "https://moodle.org/mod/forum/discuss.php?d=232496"
},
{
"name": "http://git.moodle.org/gw?p=moodle.git\u0026a=search\u0026h=HEAD\u0026st=commit\u0026s=MDL-39678",
"refsource": "CONFIRM",
"url": "http://git.moodle.org/gw?p=moodle.git\u0026a=search\u0026h=HEAD\u0026st=commit\u0026s=MDL-39678"
},
{
"name": "http://yuilibrary.com/support/20130515-vulnerability/",
"refsource": "CONFIRM",
"url": "http://yuilibrary.com/support/20130515-vulnerability/"
},
{
"name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-4939",
"datePublished": "2013-07-26T22:00:00",
"dateReserved": "2013-07-26T00:00:00",
"dateUpdated": "2024-08-06T16:59:41.183Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-5883 (GCVE-0-2012-5883)
Vulnerability from cvelistv5
Published
2012-11-16 11:00
Modified
2024-08-06 21:21
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.9.0, as used in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, allows remote attackers to inject arbitrary web script or HTML via vectors related to swfstore.swf, a similar issue to CVE-2010-4209.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.mozilla.org/show_bug.cgi?id=808845 | x_refsource_CONFIRM | |
| http://www.mandriva.com/security/advisories?name=MDVSA-2013:066 | vendor-advisory, x_refsource_MANDRIVA | |
| http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/ | x_refsource_CONFIRM | |
| http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/ | x_refsource_CONFIRM | |
| http://www.bugzilla.org/security/3.6.11/ | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/56385 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/80116 | vdb-entry, x_refsource_XF | |
| http://yuilibrary.com/support/20121030-vulnerability/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:21:27.140Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845"
},
{
"name": "MDVSA-2013:066",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:066"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.bugzilla.org/security/3.6.11/"
},
{
"name": "56385",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/56385"
},
{
"name": "bugzilla-flash-xss(80116)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80116"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://yuilibrary.com/support/20121030-vulnerability/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-10-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.9.0, as used in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, allows remote attackers to inject arbitrary web script or HTML via vectors related to swfstore.swf, a similar issue to CVE-2010-4209."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845"
},
{
"name": "MDVSA-2013:066",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:066"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.bugzilla.org/security/3.6.11/"
},
{
"name": "56385",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/56385"
},
{
"name": "bugzilla-flash-xss(80116)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80116"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://yuilibrary.com/support/20121030-vulnerability/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-5883",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.9.0, as used in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, allows remote attackers to inject arbitrary web script or HTML via vectors related to swfstore.swf, a similar issue to CVE-2010-4209."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845"
},
{
"name": "MDVSA-2013:066",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:066"
},
{
"name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/",
"refsource": "CONFIRM",
"url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/"
},
{
"name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/",
"refsource": "CONFIRM",
"url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/"
},
{
"name": "http://www.bugzilla.org/security/3.6.11/",
"refsource": "CONFIRM",
"url": "http://www.bugzilla.org/security/3.6.11/"
},
{
"name": "56385",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/56385"
},
{
"name": "bugzilla-flash-xss(80116)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80116"
},
{
"name": "http://yuilibrary.com/support/20121030-vulnerability/",
"refsource": "CONFIRM",
"url": "http://yuilibrary.com/support/20121030-vulnerability/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-5883",
"datePublished": "2012-11-16T11:00:00",
"dateReserved": "2012-11-16T00:00:00",
"dateUpdated": "2024-08-06T21:21:27.140Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-5881 (GCVE-0-2012-5881)
Vulnerability from cvelistv5
Published
2012-11-16 11:00
Modified
2024-08-06 21:21
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to charts.swf, a similar issue to CVE-2010-4207.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/ | x_refsource_CONFIRM | |
| http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/ | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/56385 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/80118 | vdb-entry, x_refsource_XF | |
| http://yuilibrary.com/support/20121030-vulnerability/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:21:27.714Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/"
},
{
"name": "56385",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/56385"
},
{
"name": "yui-flash-component-xss(80118)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80118"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://yuilibrary.com/support/20121030-vulnerability/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-10-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to charts.swf, a similar issue to CVE-2010-4207."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/"
},
{
"name": "56385",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/56385"
},
{
"name": "yui-flash-component-xss(80118)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80118"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://yuilibrary.com/support/20121030-vulnerability/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-5881",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to charts.swf, a similar issue to CVE-2010-4207."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/",
"refsource": "CONFIRM",
"url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/"
},
{
"name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/",
"refsource": "CONFIRM",
"url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/"
},
{
"name": "56385",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/56385"
},
{
"name": "yui-flash-component-xss(80118)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80118"
},
{
"name": "http://yuilibrary.com/support/20121030-vulnerability/",
"refsource": "CONFIRM",
"url": "http://yuilibrary.com/support/20121030-vulnerability/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-5881",
"datePublished": "2012-11-16T11:00:00",
"dateReserved": "2012-11-16T00:00:00",
"dateUpdated": "2024-08-06T21:21:27.714Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-4207 (GCVE-0-2010-4207)
Vulnerability from cvelistv5
Published
2010-11-07 21:00
Modified
2024-08-07 03:34
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.8.1, as used in Bugzilla, Moodle, and other products, allows remote attackers to inject arbitrary web script or HTML via vectors related to charts/assets/charts.swf.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:34:37.787Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://moodle.org/mod/forum/discuss.php?d=160910"
},
{
"name": "FEDORA-2010-17280",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050813.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://yuilibrary.com/support/2.8.2/"
},
{
"name": "ADV-2010-2878",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/2878"
},
{
"name": "20101103 Security Advisory for Bugzilla 3.2.8, 3.4.8, 3.6.2, and 3.7.3",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/514622"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.bugzilla.org/security/3.2.8/"
},
{
"name": "FEDORA-2010-17274",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050820.html"
},
{
"name": "41955",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/41955"
},
{
"name": "1024683",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1024683"
},
{
"name": "44420",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/44420"
},
{
"name": "SUSE-SR:2010:021",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00005.html"
},
{
"name": "FEDORA-2010-17235",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050830.html"
},
{
"name": "ADV-2010-2975",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/2975"
},
{
"name": "[oss-security] 20101107 Re: CVE request: moodle 1.9.10",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2010/11/07/1"
},
{
"name": "42271",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42271"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-10-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.8.1, as used in Bugzilla, Moodle, and other products, allows remote attackers to inject arbitrary web script or HTML via vectors related to charts/assets/charts.swf."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-11-10T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://moodle.org/mod/forum/discuss.php?d=160910"
},
{
"name": "FEDORA-2010-17280",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050813.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://yuilibrary.com/support/2.8.2/"
},
{
"name": "ADV-2010-2878",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/2878"
},
{
"name": "20101103 Security Advisory for Bugzilla 3.2.8, 3.4.8, 3.6.2, and 3.7.3",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/514622"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.bugzilla.org/security/3.2.8/"
},
{
"name": "FEDORA-2010-17274",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050820.html"
},
{
"name": "41955",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/41955"
},
{
"name": "1024683",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1024683"
},
{
"name": "44420",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/44420"
},
{
"name": "SUSE-SR:2010:021",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00005.html"
},
{
"name": "FEDORA-2010-17235",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050830.html"
},
{
"name": "ADV-2010-2975",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/2975"
},
{
"name": "[oss-security] 20101107 Re: CVE request: moodle 1.9.10",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2010/11/07/1"
},
{
"name": "42271",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42271"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4207",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.8.1, as used in Bugzilla, Moodle, and other products, allows remote attackers to inject arbitrary web script or HTML via vectors related to charts/assets/charts.swf."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://moodle.org/mod/forum/discuss.php?d=160910",
"refsource": "CONFIRM",
"url": "http://moodle.org/mod/forum/discuss.php?d=160910"
},
{
"name": "FEDORA-2010-17280",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050813.html"
},
{
"name": "http://yuilibrary.com/support/2.8.2/",
"refsource": "CONFIRM",
"url": "http://yuilibrary.com/support/2.8.2/"
},
{
"name": "ADV-2010-2878",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2878"
},
{
"name": "20101103 Security Advisory for Bugzilla 3.2.8, 3.4.8, 3.6.2, and 3.7.3",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/514622"
},
{
"name": "http://www.bugzilla.org/security/3.2.8/",
"refsource": "CONFIRM",
"url": "http://www.bugzilla.org/security/3.2.8/"
},
{
"name": "FEDORA-2010-17274",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050820.html"
},
{
"name": "41955",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41955"
},
{
"name": "1024683",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024683"
},
{
"name": "44420",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/44420"
},
{
"name": "SUSE-SR:2010:021",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00005.html"
},
{
"name": "FEDORA-2010-17235",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050830.html"
},
{
"name": "ADV-2010-2975",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2975"
},
{
"name": "[oss-security] 20101107 Re: CVE request: moodle 1.9.10",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/11/07/1"
},
{
"name": "42271",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42271"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-4207",
"datePublished": "2010-11-07T21:00:00",
"dateReserved": "2010-11-07T00:00:00",
"dateUpdated": "2024-08-07T03:34:37.787Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-4940 (GCVE-0-2013-4940)
Vulnerability from cvelistv5
Published
2013-07-26 22:00
Modified
2024-09-17 02:06
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.
References
| ▼ | URL | Tags |
|---|---|---|
| https://moodle.org/mod/forum/discuss.php?d=232496 | x_refsource_CONFIRM | |
| http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678 | x_refsource_CONFIRM | |
| http://yuilibrary.com/support/20130515-vulnerability/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:59:41.021Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://moodle.org/mod/forum/discuss.php?d=232496"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.moodle.org/gw?p=moodle.git\u0026a=search\u0026h=HEAD\u0026st=commit\u0026s=MDL-39678"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://yuilibrary.com/support/20130515-vulnerability/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-07-26T22:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://moodle.org/mod/forum/discuss.php?d=232496"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.moodle.org/gw?p=moodle.git\u0026a=search\u0026h=HEAD\u0026st=commit\u0026s=MDL-39678"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://yuilibrary.com/support/20130515-vulnerability/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-4940",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://moodle.org/mod/forum/discuss.php?d=232496",
"refsource": "CONFIRM",
"url": "https://moodle.org/mod/forum/discuss.php?d=232496"
},
{
"name": "http://git.moodle.org/gw?p=moodle.git\u0026a=search\u0026h=HEAD\u0026st=commit\u0026s=MDL-39678",
"refsource": "CONFIRM",
"url": "http://git.moodle.org/gw?p=moodle.git\u0026a=search\u0026h=HEAD\u0026st=commit\u0026s=MDL-39678"
},
{
"name": "http://yuilibrary.com/support/20130515-vulnerability/",
"refsource": "CONFIRM",
"url": "http://yuilibrary.com/support/20130515-vulnerability/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-4940",
"datePublished": "2013-07-26T22:00:00Z",
"dateReserved": "2013-07-26T00:00:00Z",
"dateUpdated": "2024-09-17T02:06:31.907Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-4208 (GCVE-0-2010-4208)
Vulnerability from cvelistv5
Published
2010-11-07 21:00
Modified
2024-08-07 03:34
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.8.1, as used in Bugzilla, Moodle, and other products, allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader/assets/uploader.swf.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:34:37.786Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://moodle.org/mod/forum/discuss.php?d=160910"
},
{
"name": "FEDORA-2010-17280",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050813.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://yuilibrary.com/support/2.8.2/"
},
{
"name": "ADV-2010-2878",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/2878"
},
{
"name": "20101103 Security Advisory for Bugzilla 3.2.8, 3.4.8, 3.6.2, and 3.7.3",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/514622"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.bugzilla.org/security/3.2.8/"
},
{
"name": "FEDORA-2010-17274",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050820.html"
},
{
"name": "41955",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/41955"
},
{
"name": "1024683",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1024683"
},
{
"name": "44420",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/44420"
},
{
"name": "SUSE-SR:2010:021",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00005.html"
},
{
"name": "FEDORA-2010-17235",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050830.html"
},
{
"name": "ADV-2010-2975",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/2975"
},
{
"name": "[oss-security] 20101107 Re: CVE request: moodle 1.9.10",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2010/11/07/1"
},
{
"name": "42271",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42271"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-10-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.8.1, as used in Bugzilla, Moodle, and other products, allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader/assets/uploader.swf."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-11-10T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://moodle.org/mod/forum/discuss.php?d=160910"
},
{
"name": "FEDORA-2010-17280",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050813.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://yuilibrary.com/support/2.8.2/"
},
{
"name": "ADV-2010-2878",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/2878"
},
{
"name": "20101103 Security Advisory for Bugzilla 3.2.8, 3.4.8, 3.6.2, and 3.7.3",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/514622"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.bugzilla.org/security/3.2.8/"
},
{
"name": "FEDORA-2010-17274",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050820.html"
},
{
"name": "41955",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/41955"
},
{
"name": "1024683",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1024683"
},
{
"name": "44420",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/44420"
},
{
"name": "SUSE-SR:2010:021",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00005.html"
},
{
"name": "FEDORA-2010-17235",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050830.html"
},
{
"name": "ADV-2010-2975",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/2975"
},
{
"name": "[oss-security] 20101107 Re: CVE request: moodle 1.9.10",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2010/11/07/1"
},
{
"name": "42271",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42271"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4208",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.8.1, as used in Bugzilla, Moodle, and other products, allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader/assets/uploader.swf."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://moodle.org/mod/forum/discuss.php?d=160910",
"refsource": "CONFIRM",
"url": "http://moodle.org/mod/forum/discuss.php?d=160910"
},
{
"name": "FEDORA-2010-17280",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050813.html"
},
{
"name": "http://yuilibrary.com/support/2.8.2/",
"refsource": "CONFIRM",
"url": "http://yuilibrary.com/support/2.8.2/"
},
{
"name": "ADV-2010-2878",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2878"
},
{
"name": "20101103 Security Advisory for Bugzilla 3.2.8, 3.4.8, 3.6.2, and 3.7.3",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/514622"
},
{
"name": "http://www.bugzilla.org/security/3.2.8/",
"refsource": "CONFIRM",
"url": "http://www.bugzilla.org/security/3.2.8/"
},
{
"name": "FEDORA-2010-17274",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050820.html"
},
{
"name": "41955",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41955"
},
{
"name": "1024683",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024683"
},
{
"name": "44420",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/44420"
},
{
"name": "SUSE-SR:2010:021",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00005.html"
},
{
"name": "FEDORA-2010-17235",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050830.html"
},
{
"name": "ADV-2010-2975",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2975"
},
{
"name": "[oss-security] 20101107 Re: CVE request: moodle 1.9.10",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/11/07/1"
},
{
"name": "42271",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42271"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-4208",
"datePublished": "2010-11-07T21:00:00",
"dateReserved": "2010-11-07T00:00:00",
"dateUpdated": "2024-08-07T03:34:37.786Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-6780 (GCVE-0-2013-6780)
Vulnerability from cvelistv5
Published
2013-11-13 15:00
Modified
2024-08-06 17:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via the allowedDomain parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| http://packetstormsecurity.com/files/130527/Cisco-Ironport-AsyncOS-Cross-Site-Scripting.html | x_refsource_MISC | |
| http://www.securitytracker.com/id/1029528 | vdb-entry, x_refsource_SECTRACK | |
| http://openwall.com/lists/oss-security/2013/11/25/1 | mailing-list, x_refsource_MLIST | |
| https://yuilibrary.com/support/20131111-vulnerability/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:46:23.463Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/130527/Cisco-Ironport-AsyncOS-Cross-Site-Scripting.html"
},
{
"name": "1029528",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1029528"
},
{
"name": "[oss-security] 20131125 Moodle security notifications public",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2013/11/25/1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://yuilibrary.com/support/20131111-vulnerability/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-11-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via the allowedDomain parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-05-18T14:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/130527/Cisco-Ironport-AsyncOS-Cross-Site-Scripting.html"
},
{
"name": "1029528",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1029528"
},
{
"name": "[oss-security] 20131125 Moodle security notifications public",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2013/11/25/1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://yuilibrary.com/support/20131111-vulnerability/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-6780",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via the allowedDomain parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/130527/Cisco-Ironport-AsyncOS-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/130527/Cisco-Ironport-AsyncOS-Cross-Site-Scripting.html"
},
{
"name": "1029528",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1029528"
},
{
"name": "[oss-security] 20131125 Moodle security notifications public",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2013/11/25/1"
},
{
"name": "https://yuilibrary.com/support/20131111-vulnerability/",
"refsource": "CONFIRM",
"url": "https://yuilibrary.com/support/20131111-vulnerability/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-6780",
"datePublished": "2013-11-13T15:00:00",
"dateReserved": "2013-11-12T00:00:00",
"dateUpdated": "2024-08-06T17:46:23.463Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2013-07-29 13:59
Modified
2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in flashuploader.swf in the Uploader component in Yahoo! YUI 3.5.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| moodle | moodle | 2.1.0 | |
| moodle | moodle | 2.1.1 | |
| moodle | moodle | 2.1.2 | |
| moodle | moodle | 2.1.3 | |
| moodle | moodle | 2.1.4 | |
| moodle | moodle | 2.1.5 | |
| moodle | moodle | 2.1.6 | |
| moodle | moodle | 2.1.7 | |
| moodle | moodle | 2.1.8 | |
| moodle | moodle | 2.1.9 | |
| moodle | moodle | 2.1.10 | |
| moodle | moodle | 2.2.0 | |
| moodle | moodle | 2.2.1 | |
| moodle | moodle | 2.2.2 | |
| moodle | moodle | 2.2.3 | |
| moodle | moodle | 2.2.4 | |
| moodle | moodle | 2.2.5 | |
| moodle | moodle | 2.2.6 | |
| moodle | moodle | 2.2.7 | |
| moodle | moodle | 2.2.8 | |
| moodle | moodle | 2.2.9 | |
| moodle | moodle | 2.2.10 | |
| moodle | moodle | 2.3.0 | |
| moodle | moodle | 2.3.1 | |
| moodle | moodle | 2.3.2 | |
| moodle | moodle | 2.3.3 | |
| moodle | moodle | 2.3.4 | |
| moodle | moodle | 2.3.5 | |
| moodle | moodle | 2.3.6 | |
| moodle | moodle | 2.3.7 | |
| moodle | moodle | 2.4.0 | |
| moodle | moodle | 2.4.1 | |
| moodle | moodle | 2.4.2 | |
| moodle | moodle | 2.4.3 | |
| moodle | moodle | 2.4.4 | |
| moodle | moodle | 2.5.0 | |
| yahoo | yui | 3.5.0 | |
| yahoo | yui | 3.5.1 | |
| yahoo | yui | 3.6.0 | |
| yahoo | yui | 3.7.0 | |
| yahoo | yui | 3.7.1 | |
| yahoo | yui | 3.7.2 | |
| yahoo | yui | 3.7.3 | |
| yahoo | yui | 3.8.0 | |
| yahoo | yui | 3.8.1 | |
| yahoo | yui | 3.9.0 | |
| yahoo | yui | 3.9.1 | |
| yahoo | yui | 3.10.0 | |
| yahoo | yui | 3.10.1 | |
| yahoo | yui | 3.10.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:moodle:moodle:2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "18C6F348-DAE9-4440-8B3A-8D92ADC6606F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "367537BF-CBDF-4CBB-91B4-6E5A567EF605",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DABBF325-C48A-4838-AC5D-0565C78976CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "02B72177-DFB0-4242-9ED6-068E5751579B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7226EE65-CC9F-4FDA-9791-3C8047D5C04C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FDC55ECE-8185-4FC0-A4C9-14AABD136650",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "ADFDE1FC-992E-4610-A62D-282B448402AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "8E8EA8F6-D689-4726-9B02-0C555EFF56AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "633480C9-D415-4BF9-9185-547EAB7ADBE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "D4994E7C-196E-4EDC-B192-836AB3C8731B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "E993FB9B-B157-4CDC-B4A9-B8CA89668E75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moodle:moodle:2.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "15A73CE2-73DA-4274-89E0-DD9A413ED17F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "39075F6E-2925-4897-B1DE-C86A066DF54B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "179DBC2B-B35F-4A19-B522-DF996D5E13E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FA527724-B44E-46B6-BA53-A83B012EA376",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "31A8CAEA-CCCF-4678-B61E-0FFE439890DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3C22E1EB-57DA-4E3C-BF38-29E2F50AEBF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "25F99A03-DD94-4380-8E6B-C95D3A57D6EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "54ED2D6B-48F7-444D-8EC7-C51719F970CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "36B291C0-7E41-4073-AFFF-CFEFEDDFD6A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "4E36C4AB-0599-40A3-BD80-4DDB1631A604",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "A04348FF-A3BE-4063-A208-27C3E46B67EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moodle:moodle:2.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BFD575CF-2AF2-443F-841D-F7E25FBD455A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AC2A1954-E30F-40EC-BA59-40D29573E7D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "25EA194F-BE9D-49A8-AA35-FC7810C06643",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2C3888D8-8219-4DE4-8E6C-84F58AFD3B15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E15AADAA-EFF5-4116-A683-D2B9824AA353",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C917E5A8-ABE8-4F01-8580-329836CC2C55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "70C08FF1-BAA7-4534-98E4-80231C25BC83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "025832C9-F1A4-4935-892A-8868E401906E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moodle:moodle:2.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B8E52813-E056-4A5C-8BF5-4DD5EF5BF041",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "62156008-2728-4207-AF60-E6330421D102",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "094DCC66-8C95-4DD6-B8DD-FB2D46A2A847",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D27EBAD4-F6F3-4E6A-8E42-EBB36655376D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "93169BDD-4F0B-44C9-96C4-5BD0839A9BA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moodle:moodle:2.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CD1B5B42-ECA9-4888-B18E-AD8D282311DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2D386F45-4F54-47B9-9DDD-AA344D41BB8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "652123A0-65E1-47CE-BE74-47E65D5A07B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6AF4F345-87B0-46D3-855D-E505984D2896",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "22AA0442-47B7-44D3-9BAB-A84C522C2E61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C80C4CE4-D30D-46FF-AF86-8BBBC269EF56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6FFED6CE-E6E9-4836-A8D6-6E86CF6659B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5C7CCDCB-4A90-4A46-9A66-96766E1998B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8F933811-ACD1-491A-8F4A-85E79C9DDD5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "70F64EB7-8725-4DBE-92E3-D67B1C3CEE55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AA95BE97-348C-4F2E-AEA2-3995A8F1160B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "39071BE6-1A83-41AB-8E4D-E4AF08204451",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A42A71C3-9D2E-48B4-9F6C-DBA9969347FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AFF46145-2844-4963-AC20-089660627EF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D260CC4A-DBCB-447D-84E1-7E727FB2DFFB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in flashuploader.swf in the Uploader component in Yahoo! YUI 3.5.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en el flashuploader.swf en el componente Uploader en Yahoo! YUI 3.5.0 a la 3.9.1, utilizado en Moodle hasta la 2.1.10, 2.2.x anterior a 2.2.11, 2.3.x anterior a 2.3.8, 2.4.x anterior a 2.4.5, 2.5.x anterior a 2.5.1, y otros productos, permite a atacantes remotos inyectar secuencias de comandos web y HTML a trav\u00e9s de una cadena en una URL."
}
],
"id": "CVE-2013-4942",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-07-29T13:59:20.927",
"references": [
{
"source": "cve@mitre.org",
"url": "http://git.moodle.org/gw?p=moodle.git\u0026a=search\u0026h=HEAD\u0026st=commit\u0026s=MDL-39678"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://yuilibrary.com/support/20130515-vulnerability/"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://moodle.org/mod/forum/discuss.php?d=232496"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://git.moodle.org/gw?p=moodle.git\u0026a=search\u0026h=HEAD\u0026st=commit\u0026s=MDL-39678"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://yuilibrary.com/support/20130515-vulnerability/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://moodle.org/mod/forum/discuss.php?d=232496"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-11-07 22:00
Modified
2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.8.1, as used in Bugzilla, Moodle, and other products, allows remote attackers to inject arbitrary web script or HTML via vectors related to charts/assets/charts.swf.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "50F634D1-01D7-4DA6-87F0-5B2DEEE5474D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9EF394F4-B2D5-4C7D-B4D8-06E534DAD4BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E4401EEC-0283-4E44-BEBF-06649B6876B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "603CFB72-FE66-446C-8574-DED64A54BB78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AB1CFBB7-8416-4910-918C-698DA28E963A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DE7E6D30-7D9B-4D30-B47F-E1F7F6E6F8E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DF48039A-91E3-46AB-9976-8E4B5F656B76",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B573788D-91EB-42A9-8E25-11B8F8483638",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9A17F6CB-1A34-4EC9-A8D4-F4BC5E00F3F2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:mozilla:bugzilla:*:*:*:*:*:*:*:*",
"matchCriteriaId": "558D05E1-A3A5-4C12-89AF-88D6442930AA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.8.1, as used in Bugzilla, Moodle, and other products, allows remote attackers to inject arbitrary web script or HTML via vectors related to charts/assets/charts.swf."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en la infraestructura del componente de Flash en YUI v2.4.0 hasta v2.8.1, tal como se emplea en Bugzilla, Moodle y otros productos, permite a atacantes remotos inyectar secuencias de comandos web o HTML mediante vectores relacionados con charts/assets/charts.swf.\r\n"
}
],
"id": "CVE-2010-4207",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2010-11-07T22:00:03.770",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050813.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050820.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050830.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00005.html"
},
{
"source": "cve@mitre.org",
"url": "http://moodle.org/mod/forum/discuss.php?d=160910"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/41955"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/42271"
},
{
"source": "cve@mitre.org",
"url": "http://www.bugzilla.org/security/3.2.8/"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2010/11/07/1"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/514622"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/44420"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1024683"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/2878"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2010/2975"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://yuilibrary.com/support/2.8.2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050813.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050820.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050830.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00005.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://moodle.org/mod/forum/discuss.php?d=160910"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/41955"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/42271"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.bugzilla.org/security/3.2.8/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2010/11/07/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/514622"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/44420"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1024683"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/2878"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2010/2975"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://yuilibrary.com/support/2.8.2/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-11-16 12:24
Modified
2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader.swf, a similar issue to CVE-2010-4208.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "50F634D1-01D7-4DA6-87F0-5B2DEEE5474D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E93863F6-0292-407A-A64F-A489ACB8AF14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9EF394F4-B2D5-4C7D-B4D8-06E534DAD4BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E4401EEC-0283-4E44-BEBF-06649B6876B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "603CFB72-FE66-446C-8574-DED64A54BB78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AB1CFBB7-8416-4910-918C-698DA28E963A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DE7E6D30-7D9B-4D30-B47F-E1F7F6E6F8E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DF48039A-91E3-46AB-9976-8E4B5F656B76",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B573788D-91EB-42A9-8E25-11B8F8483638",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*",
"matchCriteriaId": "EE5171DD-4DD2-4E31-8AB3-79C3BF98631D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E123BE37-CAB5-4E39-A30A-FEE929D94B8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "15C1F0CF-A011-4299-8A9F-FE2B4005AAE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*",
"matchCriteriaId": "7AB27623-B6A3-46D8-93E3-D284E46FF38D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*",
"matchCriteriaId": "623A34B4-A44C-4B7A-B01E-18560D17659A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader.swf, a similar issue to CVE-2010-4208."
},
{
"lang": "es",
"value": "Una vulnerabilidad de ejecuci\u00f3n de comandos en sitios cruzados (XSS) en la infraestructura del componente Flash en YUI v2.5.0 a v2.9.0 permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de vectores relacionados con uploader.swf. Se trata de un problema similar a CVE-2010-4208.\r\n"
}
],
"id": "CVE-2012-5882",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2012-11-16T12:24:24.853",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/56385"
},
{
"source": "cve@mitre.org",
"url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/"
},
{
"source": "cve@mitre.org",
"url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://yuilibrary.com/support/20121030-vulnerability/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/56385"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://yuilibrary.com/support/20121030-vulnerability/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-07-29 13:59
Modified
2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:moodle:moodle:2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "18C6F348-DAE9-4440-8B3A-8D92ADC6606F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "367537BF-CBDF-4CBB-91B4-6E5A567EF605",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DABBF325-C48A-4838-AC5D-0565C78976CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "02B72177-DFB0-4242-9ED6-068E5751579B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7226EE65-CC9F-4FDA-9791-3C8047D5C04C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FDC55ECE-8185-4FC0-A4C9-14AABD136650",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "ADFDE1FC-992E-4610-A62D-282B448402AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "8E8EA8F6-D689-4726-9B02-0C555EFF56AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "633480C9-D415-4BF9-9185-547EAB7ADBE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "D4994E7C-196E-4EDC-B192-836AB3C8731B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "E993FB9B-B157-4CDC-B4A9-B8CA89668E75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moodle:moodle:2.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "15A73CE2-73DA-4274-89E0-DD9A413ED17F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "39075F6E-2925-4897-B1DE-C86A066DF54B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "179DBC2B-B35F-4A19-B522-DF996D5E13E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FA527724-B44E-46B6-BA53-A83B012EA376",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "31A8CAEA-CCCF-4678-B61E-0FFE439890DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3C22E1EB-57DA-4E3C-BF38-29E2F50AEBF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "25F99A03-DD94-4380-8E6B-C95D3A57D6EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "54ED2D6B-48F7-444D-8EC7-C51719F970CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "36B291C0-7E41-4073-AFFF-CFEFEDDFD6A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "4E36C4AB-0599-40A3-BD80-4DDB1631A604",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "A04348FF-A3BE-4063-A208-27C3E46B67EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moodle:moodle:2.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BFD575CF-2AF2-443F-841D-F7E25FBD455A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AC2A1954-E30F-40EC-BA59-40D29573E7D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "25EA194F-BE9D-49A8-AA35-FC7810C06643",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2C3888D8-8219-4DE4-8E6C-84F58AFD3B15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E15AADAA-EFF5-4116-A683-D2B9824AA353",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C917E5A8-ABE8-4F01-8580-329836CC2C55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "70C08FF1-BAA7-4534-98E4-80231C25BC83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "025832C9-F1A4-4935-892A-8868E401906E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moodle:moodle:2.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B8E52813-E056-4A5C-8BF5-4DD5EF5BF041",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "62156008-2728-4207-AF60-E6330421D102",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "094DCC66-8C95-4DD6-B8DD-FB2D46A2A847",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D27EBAD4-F6F3-4E6A-8E42-EBB36655376D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "93169BDD-4F0B-44C9-96C4-5BD0839A9BA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moodle:moodle:2.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CD1B5B42-ECA9-4888-B18E-AD8D282311DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FC78DF75-DB8F-4579-872A-8F5BE47453A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CA6B7F27-D17A-4596-8D8B-EC9D1BC01881",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "76D2E5F9-8EAC-43E7-A140-8E1E0B113C17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3F0B505C-D7EC-405F-893B-2C3D368CA041",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "44A39D0F-82A1-4616-B9A5-78CA8A334621",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C9AA541E-026E-46AE-82E9-002FE34CA781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1E6C8BC3-1228-437D-9287-CC15DBECFA3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BE209757-7276-4890-8B5A-B768A95DDC92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2D386F45-4F54-47B9-9DDD-AA344D41BB8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "652123A0-65E1-47CE-BE74-47E65D5A07B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6AF4F345-87B0-46D3-855D-E505984D2896",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "22AA0442-47B7-44D3-9BAB-A84C522C2E61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C80C4CE4-D30D-46FF-AF86-8BBBC269EF56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6FFED6CE-E6E9-4836-A8D6-6E86CF6659B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5C7CCDCB-4A90-4A46-9A66-96766E1998B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8F933811-ACD1-491A-8F4A-85E79C9DDD5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "70F64EB7-8725-4DBE-92E3-D67B1C3CEE55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AA95BE97-348C-4F2E-AEA2-3995A8F1160B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "39071BE6-1A83-41AB-8E4D-E4AF08204451",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A42A71C3-9D2E-48B4-9F6C-DBA9969347FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AFF46145-2844-4963-AC20-089660627EF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D260CC4A-DBCB-447D-84E1-7E727FB2DFFB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en el uploader.swf en el componente Uploader en Yahoo! YUI 3.5.0 a la 3.9.1, utilizado en Moodle hasta la 2.1.10, 2.2.x anterior a 2.2.11, 2.3.x anterior a 2.3.8, 2.4.x anterior a 2.4.5, 2.5.x anterior a 2.5.1, y otros productos, permite a atacantes remotos inyectar secuencias de comandos web y HTML a trav\u00e9s de una cadena en una URL."
}
],
"id": "CVE-2013-4941",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-07-29T13:59:20.913",
"references": [
{
"source": "cve@mitre.org",
"url": "http://git.moodle.org/gw?p=moodle.git\u0026a=search\u0026h=HEAD\u0026st=commit\u0026s=MDL-39678"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://yuilibrary.com/support/20130515-vulnerability/"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://moodle.org/mod/forum/discuss.php?d=232496"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://git.moodle.org/gw?p=moodle.git\u0026a=search\u0026h=HEAD\u0026st=commit\u0026s=MDL-39678"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://yuilibrary.com/support/20130515-vulnerability/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://moodle.org/mod/forum/discuss.php?d=232496"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-11-07 22:00
Modified
2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.8.1, as used in Bugzilla 3.7.1 through 3.7.3 and 4.1, allows remote attackers to inject arbitrary web script or HTML via vectors related to swfstore/swfstore.swf.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DF48039A-91E3-46AB-9976-8E4B5F656B76",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B573788D-91EB-42A9-8E25-11B8F8483638",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mozilla:bugzilla:3.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "740ADCB7-B296-4728-A73A-9691265B8F07",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:mozilla:bugzilla:3.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6187C92D-FEE9-4B1B-B7ED-9A1DD360B204",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:mozilla:bugzilla:3.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "71213AF6-48CC-469F-9FBA-CAF1D3237657",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:mozilla:bugzilla:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "85CDC579-6967-4E5C-B716-B2BC04F6DBF2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.8.1, as used in Bugzilla 3.7.1 through 3.7.3 and 4.1, allows remote attackers to inject arbitrary web script or HTML via vectors related to swfstore/swfstore.swf."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en la infraestructura del componente de Flash en YUI v2.8.0 hasta v2.8.1, tal como se emplea en Bugzilla v3.7.1 hasta v3.7.3 y v4.1, permite a atacantes remotos inyectar secuencias de comandos web o HTML mediante vectores relacionados con swfstore/swfstore.swf"
}
],
"id": "CVE-2010-4209",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2010-11-07T22:00:03.847",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050813.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050820.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050830.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00005.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/41955"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/42271"
},
{
"source": "cve@mitre.org",
"url": "http://www.bugzilla.org/security/3.2.8/"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2010/11/07/1"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/514622"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/44420"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1024683"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/2878"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2010/2975"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://yuilibrary.com/support/2.8.2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050813.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050820.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050830.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00005.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/41955"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/42271"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.bugzilla.org/security/3.2.8/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2010/11/07/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/514622"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/44420"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1024683"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/2878"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2010/2975"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://yuilibrary.com/support/2.8.2/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-07-29 13:59
Modified
2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:moodle:moodle:2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "18C6F348-DAE9-4440-8B3A-8D92ADC6606F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "367537BF-CBDF-4CBB-91B4-6E5A567EF605",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DABBF325-C48A-4838-AC5D-0565C78976CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "02B72177-DFB0-4242-9ED6-068E5751579B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7226EE65-CC9F-4FDA-9791-3C8047D5C04C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FDC55ECE-8185-4FC0-A4C9-14AABD136650",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "ADFDE1FC-992E-4610-A62D-282B448402AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "8E8EA8F6-D689-4726-9B02-0C555EFF56AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "633480C9-D415-4BF9-9185-547EAB7ADBE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "D4994E7C-196E-4EDC-B192-836AB3C8731B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "E993FB9B-B157-4CDC-B4A9-B8CA89668E75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moodle:moodle:2.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "15A73CE2-73DA-4274-89E0-DD9A413ED17F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "39075F6E-2925-4897-B1DE-C86A066DF54B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "179DBC2B-B35F-4A19-B522-DF996D5E13E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FA527724-B44E-46B6-BA53-A83B012EA376",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "31A8CAEA-CCCF-4678-B61E-0FFE439890DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3C22E1EB-57DA-4E3C-BF38-29E2F50AEBF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "25F99A03-DD94-4380-8E6B-C95D3A57D6EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "54ED2D6B-48F7-444D-8EC7-C51719F970CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "36B291C0-7E41-4073-AFFF-CFEFEDDFD6A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "4E36C4AB-0599-40A3-BD80-4DDB1631A604",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "A04348FF-A3BE-4063-A208-27C3E46B67EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moodle:moodle:2.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BFD575CF-2AF2-443F-841D-F7E25FBD455A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AC2A1954-E30F-40EC-BA59-40D29573E7D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "25EA194F-BE9D-49A8-AA35-FC7810C06643",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2C3888D8-8219-4DE4-8E6C-84F58AFD3B15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E15AADAA-EFF5-4116-A683-D2B9824AA353",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C917E5A8-ABE8-4F01-8580-329836CC2C55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "70C08FF1-BAA7-4534-98E4-80231C25BC83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "025832C9-F1A4-4935-892A-8868E401906E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moodle:moodle:2.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B8E52813-E056-4A5C-8BF5-4DD5EF5BF041",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "62156008-2728-4207-AF60-E6330421D102",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "094DCC66-8C95-4DD6-B8DD-FB2D46A2A847",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D27EBAD4-F6F3-4E6A-8E42-EBB36655376D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "93169BDD-4F0B-44C9-96C4-5BD0839A9BA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moodle:moodle:2.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CD1B5B42-ECA9-4888-B18E-AD8D282311DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FC78DF75-DB8F-4579-872A-8F5BE47453A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CA6B7F27-D17A-4596-8D8B-EC9D1BC01881",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "76D2E5F9-8EAC-43E7-A140-8E1E0B113C17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3F0B505C-D7EC-405F-893B-2C3D368CA041",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "44A39D0F-82A1-4616-B9A5-78CA8A334621",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C9AA541E-026E-46AE-82E9-002FE34CA781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1E6C8BC3-1228-437D-9287-CC15DBECFA3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BE209757-7276-4890-8B5A-B768A95DDC92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2D386F45-4F54-47B9-9DDD-AA344D41BB8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "652123A0-65E1-47CE-BE74-47E65D5A07B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6AF4F345-87B0-46D3-855D-E505984D2896",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "22AA0442-47B7-44D3-9BAB-A84C522C2E61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C80C4CE4-D30D-46FF-AF86-8BBBC269EF56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6FFED6CE-E6E9-4836-A8D6-6E86CF6659B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5C7CCDCB-4A90-4A46-9A66-96766E1998B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8F933811-ACD1-491A-8F4A-85E79C9DDD5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "70F64EB7-8725-4DBE-92E3-D67B1C3CEE55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AA95BE97-348C-4F2E-AEA2-3995A8F1160B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "39071BE6-1A83-41AB-8E4D-E4AF08204451",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A42A71C3-9D2E-48B4-9F6C-DBA9969347FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AFF46145-2844-4963-AC20-089660627EF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D260CC4A-DBCB-447D-84E1-7E727FB2DFFB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en el io.swf en el componente IO Utility en Yahoo! YUI 3.0.0 a la 3.9.1, utilizado en Moodle hasta la 2.1.10, 2.2.x anterior a 2.2.11, 2.3.x anterior a 2.3.8, 2.4.x anterior a 2.4.5, 2.5.x anterior a 2.5.1, y otros productos, permite a atacantes remotos inyectar secuencias de comandos web y HTML a trav\u00e9s de una cadena en una URL."
}
],
"id": "CVE-2013-4939",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-07-29T13:59:20.887",
"references": [
{
"source": "cve@mitre.org",
"url": "http://git.moodle.org/gw?p=moodle.git\u0026a=search\u0026h=HEAD\u0026st=commit\u0026s=MDL-39678"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://yuilibrary.com/support/20130515-vulnerability/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c%40%3Cissues.zookeeper.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e%40%3Cdev.zookeeper.apache.org%3E"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://moodle.org/mod/forum/discuss.php?d=232496"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://git.moodle.org/gw?p=moodle.git\u0026a=search\u0026h=HEAD\u0026st=commit\u0026s=MDL-39678"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://yuilibrary.com/support/20130515-vulnerability/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c%40%3Cissues.zookeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e%40%3Cdev.zookeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://moodle.org/mod/forum/discuss.php?d=232496"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-11-16 12:24
Modified
2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.9.0, as used in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, allows remote attackers to inject arbitrary web script or HTML via vectors related to swfstore.swf, a similar issue to CVE-2010-4209.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mozilla | bugzilla | 3.7 | |
| mozilla | bugzilla | 3.7.1 | |
| mozilla | bugzilla | 3.7.2 | |
| mozilla | bugzilla | 3.7.3 | |
| mozilla | bugzilla | 4.0 | |
| mozilla | bugzilla | 4.0 | |
| mozilla | bugzilla | 4.0 | |
| mozilla | bugzilla | 4.0.1 | |
| mozilla | bugzilla | 4.0.2 | |
| mozilla | bugzilla | 4.0.3 | |
| mozilla | bugzilla | 4.0.4 | |
| mozilla | bugzilla | 4.0.5 | |
| mozilla | bugzilla | 4.0.6 | |
| mozilla | bugzilla | 4.0.7 | |
| mozilla | bugzilla | 4.0.8 | |
| mozilla | bugzilla | 4.1 | |
| mozilla | bugzilla | 4.1.1 | |
| mozilla | bugzilla | 4.1.2 | |
| mozilla | bugzilla | 4.1.3 | |
| mozilla | bugzilla | 4.2 | |
| mozilla | bugzilla | 4.2 | |
| mozilla | bugzilla | 4.2 | |
| mozilla | bugzilla | 4.2.1 | |
| mozilla | bugzilla | 4.2.2 | |
| mozilla | bugzilla | 4.2.3 | |
| mozilla | bugzilla | 4.3 | |
| mozilla | bugzilla | 4.3.1 | |
| mozilla | bugzilla | 4.3.2 | |
| mozilla | bugzilla | 4.3.3 | |
| yahoo | yui | 2.8.0 | |
| yahoo | yui | 2.8.1 | |
| yahoo | yui | 2.8.1 | |
| yahoo | yui | 2.8.2 | |
| yahoo | yui | 2.9.0 | |
| yahoo | yui | 2.9.0 | |
| yahoo | yui | 2.9.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mozilla:bugzilla:3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "2757B2A7-5232-4245-9CC6-91BF9E3ECA09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:bugzilla:3.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "740ADCB7-B296-4728-A73A-9691265B8F07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:bugzilla:3.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6187C92D-FEE9-4B1B-B7ED-9A1DD360B204",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:bugzilla:3.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "71213AF6-48CC-469F-9FBA-CAF1D3237657",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:bugzilla:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DABC1683-0E04-456E-9500-68D0D35815E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:bugzilla:4.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "38D71912-DCD6-44BB-8A86-72D207B49E58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:bugzilla:4.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "D5A8816A-84EE-44B0-AD3B-5C9BC9B3E71E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:bugzilla:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A367BFF0-397D-416F-960C-602E8B66421A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:bugzilla:4.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A6229B76-3EB0-45D9-9667-7E94D0880AE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:bugzilla:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4FCD8B47-9BF6-4F3E-AF88-0416BE31EC65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:bugzilla:4.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C8D0ED4E-F1A7-43B7-B9D2-D6D6AA145459",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:bugzilla:4.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "93FE2861-A397-4439-9BB8-7B67D7F9D211",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:bugzilla:4.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "3AF08887-66BF-4B3C-81E9-F8443E7D3285",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:bugzilla:4.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "D2D243D2-0FD9-45E5-BE52-A2956F587122",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:bugzilla:4.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "6038EF72-2CDC-42A1-A20A-B23459776E21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:bugzilla:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "85CDC579-6967-4E5C-B716-B2BC04F6DBF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:bugzilla:4.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "27783033-F558-427C-89A7-C3638C57F2A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:bugzilla:4.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E91557C7-8C53-49C4-8BC5-7F86D4AA09B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:bugzilla:4.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "50448355-F1D3-48AB-AED0-5FE027D7C199",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:bugzilla:4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7CE9B4E3-8044-4305-A517-E695D0831355",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:bugzilla:4.2:rc1:*:*:*:*:*:*",
"matchCriteriaId": "4BDA28D1-5B26-4FBA-B685-C230569AF024",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:bugzilla:4.2:rc2:*:*:*:*:*:*",
"matchCriteriaId": "F61B90BF-3548-4D3A-BF70-A9DC96C11775",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:bugzilla:4.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AD204F45-15FE-4677-BC4C-A53F322A3B15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:bugzilla:4.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "22FAFCDF-C615-4958-9C6D-E74EC11E9A62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:bugzilla:4.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4D623AEB-622E-470E-898C-A447F9C4066A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:bugzilla:4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F119CA93-4D32-4852-90AD-A23215D6CBAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:bugzilla:4.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6CA9A1C4-412D-4EED-8259-04F48322238B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:bugzilla:4.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "27847E43-22AD-468D-8E64-8D56EA8CBE50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:bugzilla:4.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8DBB66FA-6E99-4F08-A223-6070E193B869",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DF48039A-91E3-46AB-9976-8E4B5F656B76",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B573788D-91EB-42A9-8E25-11B8F8483638",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*",
"matchCriteriaId": "EE5171DD-4DD2-4E31-8AB3-79C3BF98631D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E123BE37-CAB5-4E39-A30A-FEE929D94B8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "15C1F0CF-A011-4299-8A9F-FE2B4005AAE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*",
"matchCriteriaId": "7AB27623-B6A3-46D8-93E3-D284E46FF38D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*",
"matchCriteriaId": "623A34B4-A44C-4B7A-B01E-18560D17659A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.9.0, as used in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, allows remote attackers to inject arbitrary web script or HTML via vectors related to swfstore.swf, a similar issue to CVE-2010-4209."
},
{
"lang": "es",
"value": "Una vulnerabilidad de ejecuci\u00f3n de comandos en sitios cruzados (XSS) en la infraestructura del componente Flash en YUI v2.8.0 a v2.9.0 tal y como se usa en Bugzilla v3.7.x y v4.0.x antes de v4.0.9, v4.1.x y v4.2.x antes de v4.2.4 y v4.3.x y v4.4.x antes de v4.4rc1, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de vectores relacionados con swfstore.swf. Se trata de un problema similar a CVE-2010-4209.\r\n"
}
],
"id": "CVE-2012-5883",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2012-11-16T12:24:24.900",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.bugzilla.org/security/3.6.11/"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:066"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/56385"
},
{
"source": "cve@mitre.org",
"url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/"
},
{
"source": "cve@mitre.org",
"url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://yuilibrary.com/support/20121030-vulnerability/"
},
{
"source": "cve@mitre.org",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80116"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.bugzilla.org/security/3.6.11/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:066"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/56385"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://yuilibrary.com/support/20121030-vulnerability/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80116"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-11-16 12:24
Modified
2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to charts.swf, a similar issue to CVE-2010-4207.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "50F634D1-01D7-4DA6-87F0-5B2DEEE5474D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E93863F6-0292-407A-A64F-A489ACB8AF14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9EF394F4-B2D5-4C7D-B4D8-06E534DAD4BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E4401EEC-0283-4E44-BEBF-06649B6876B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "603CFB72-FE66-446C-8574-DED64A54BB78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AB1CFBB7-8416-4910-918C-698DA28E963A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DE7E6D30-7D9B-4D30-B47F-E1F7F6E6F8E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DF48039A-91E3-46AB-9976-8E4B5F656B76",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B573788D-91EB-42A9-8E25-11B8F8483638",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*",
"matchCriteriaId": "EE5171DD-4DD2-4E31-8AB3-79C3BF98631D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E123BE37-CAB5-4E39-A30A-FEE929D94B8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "15C1F0CF-A011-4299-8A9F-FE2B4005AAE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*",
"matchCriteriaId": "7AB27623-B6A3-46D8-93E3-D284E46FF38D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*",
"matchCriteriaId": "623A34B4-A44C-4B7A-B01E-18560D17659A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to charts.swf, a similar issue to CVE-2010-4207."
},
{
"lang": "es",
"value": "Una vulnerabilidad de ejecuci\u00f3n de comandos en sitios cruzados (XSS) en la infraestructura del componente Flash en YUI v2.4.0 a v2.9.0 permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de vectores relacionados con charts.swf. Se trata de un problema similar con CVE-2010-4207.\r\n"
}
],
"id": "CVE-2012-5881",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2012-11-16T12:24:24.807",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/56385"
},
{
"source": "cve@mitre.org",
"url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://yuilibrary.com/support/20121030-vulnerability/"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80118"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/56385"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://yuilibrary.com/support/20121030-vulnerability/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80118"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-11-07 22:00
Modified
2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.8.1, as used in Bugzilla, Moodle, and other products, allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader/assets/uploader.swf.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9EF394F4-B2D5-4C7D-B4D8-06E534DAD4BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E4401EEC-0283-4E44-BEBF-06649B6876B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "603CFB72-FE66-446C-8574-DED64A54BB78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AB1CFBB7-8416-4910-918C-698DA28E963A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DE7E6D30-7D9B-4D30-B47F-E1F7F6E6F8E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DF48039A-91E3-46AB-9976-8E4B5F656B76",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B573788D-91EB-42A9-8E25-11B8F8483638",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9A17F6CB-1A34-4EC9-A8D4-F4BC5E00F3F2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:mozilla:bugzilla:*:*:*:*:*:*:*:*",
"matchCriteriaId": "558D05E1-A3A5-4C12-89AF-88D6442930AA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.8.1, as used in Bugzilla, Moodle, and other products, allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader/assets/uploader.swf."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en la infraestructura del componente de Flash en YUI v2.5.0 hasta v2.8.1, tal como se emplea en Bugzilla, Moodle y otros productos, permite a atacantes remotos inyectar secuencias de comandos web o HTML mediante vectores relacionados con uploader/assets/uploader.swf\r\n"
}
],
"id": "CVE-2010-4208",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2010-11-07T22:00:03.800",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050813.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050820.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050830.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00005.html"
},
{
"source": "cve@mitre.org",
"url": "http://moodle.org/mod/forum/discuss.php?d=160910"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/41955"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/42271"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.bugzilla.org/security/3.2.8/"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2010/11/07/1"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/514622"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/44420"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1024683"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/2878"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2010/2975"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://yuilibrary.com/support/2.8.2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050813.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050820.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050830.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00005.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://moodle.org/mod/forum/discuss.php?d=160910"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/41955"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/42271"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.bugzilla.org/security/3.2.8/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2010/11/07/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/514622"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/44420"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1024683"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/2878"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2010/2975"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://yuilibrary.com/support/2.8.2/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-01-28 21:00
Modified
2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the addItem method in the Menu widget in YUI before 2.9.0 allows remote attackers to inject arbitrary web script or HTML via a field that is added to a menu, related to documentation that specifies this field as a text field rather than an HTML field, a similar issue to CVE-2010-4569 and CVE-2010-4570.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:yahoo:yui:*:*:*:*:*:*:*:*",
"matchCriteriaId": "05D85174-7707-4318-8D73-E55DE00F9BFC",
"versionEndIncluding": "2.8.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:yui:2.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5E7CC85C-D3F1-4103-8F2A-87AF2FEC8614",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:yui:2.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A84E1A72-647A-4506-B3F8-A71ACBBE3E70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:yui:2.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8D227D98-8C1C-4FED-93A1-693554458ACF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:yui:2.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6B2E659B-FDB8-4ACD-8F7E-7220178BFC38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "50F634D1-01D7-4DA6-87F0-5B2DEEE5474D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E93863F6-0292-407A-A64F-A489ACB8AF14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9EF394F4-B2D5-4C7D-B4D8-06E534DAD4BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E4401EEC-0283-4E44-BEBF-06649B6876B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "603CFB72-FE66-446C-8574-DED64A54BB78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AB1CFBB7-8416-4910-918C-698DA28E963A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DE7E6D30-7D9B-4D30-B47F-E1F7F6E6F8E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DF48039A-91E3-46AB-9976-8E4B5F656B76",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B573788D-91EB-42A9-8E25-11B8F8483638",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*",
"matchCriteriaId": "EE5171DD-4DD2-4E31-8AB3-79C3BF98631D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the addItem method in the Menu widget in YUI before 2.9.0 allows remote attackers to inject arbitrary web script or HTML via a field that is added to a menu, related to documentation that specifies this field as a text field rather than an HTML field, a similar issue to CVE-2010-4569 and CVE-2010-4570."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en el accesorio Menu en YUI anteriores a v2.9.0 \r\npermite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de un campo que se a\u00f1ade al men\u00fa, relacionado con la documentaci\u00f3n que especifica que es un campo de texto m\u00e1s que un campo HTML, problema similar a CVE-2010-4569 y CVE-2010-4570."
}
],
"id": "CVE-2010-4710",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2011-01-28T21:00:28.500",
"references": [
{
"source": "cve@mitre.org",
"url": "http://yuilibrary.com/forum/viewtopic.php?p=12923"
},
{
"source": "cve@mitre.org",
"url": "http://yuilibrary.com/projects/yui2/ticket/2529228"
},
{
"source": "cve@mitre.org",
"url": "http://yuilibrary.com/projects/yui2/ticket/2529231"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65180"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://yuilibrary.com/forum/viewtopic.php?p=12923"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://yuilibrary.com/projects/yui2/ticket/2529228"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://yuilibrary.com/projects/yui2/ticket/2529231"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65180"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-11-13 15:55
Modified
2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via the allowedDomain parameter.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9EF394F4-B2D5-4C7D-B4D8-06E534DAD4BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E4401EEC-0283-4E44-BEBF-06649B6876B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "603CFB72-FE66-446C-8574-DED64A54BB78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AB1CFBB7-8416-4910-918C-698DA28E963A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DE7E6D30-7D9B-4D30-B47F-E1F7F6E6F8E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DF48039A-91E3-46AB-9976-8E4B5F656B76",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B573788D-91EB-42A9-8E25-11B8F8483638",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E123BE37-CAB5-4E39-A30A-FEE929D94B8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "15C1F0CF-A011-4299-8A9F-FE2B4005AAE5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via the allowedDomain parameter."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en uploader.swf en el componente Uploader de Yahoo! YUI 2.5.0 hasta la versi\u00f3n 2.9.0 permite a atacantes remotos inyectar script web o HTML arbitrario a trav\u00e9s del par\u00e1metro allowedDomain."
}
],
"id": "CVE-2013-6780",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-11-13T15:55:04.580",
"references": [
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2013/11/25/1"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.com/files/130527/Cisco-Ironport-AsyncOS-Cross-Site-Scripting.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id/1029528"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://yuilibrary.com/support/20131111-vulnerability/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2013/11/25/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.com/files/130527/Cisco-Ironport-AsyncOS-Cross-Site-Scripting.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1029528"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://yuilibrary.com/support/20131111-vulnerability/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-07-29 13:59
Modified
2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:moodle:moodle:2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "18C6F348-DAE9-4440-8B3A-8D92ADC6606F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "367537BF-CBDF-4CBB-91B4-6E5A567EF605",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DABBF325-C48A-4838-AC5D-0565C78976CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "02B72177-DFB0-4242-9ED6-068E5751579B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7226EE65-CC9F-4FDA-9791-3C8047D5C04C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FDC55ECE-8185-4FC0-A4C9-14AABD136650",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "ADFDE1FC-992E-4610-A62D-282B448402AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "8E8EA8F6-D689-4726-9B02-0C555EFF56AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "633480C9-D415-4BF9-9185-547EAB7ADBE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "D4994E7C-196E-4EDC-B192-836AB3C8731B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "E993FB9B-B157-4CDC-B4A9-B8CA89668E75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moodle:moodle:2.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "15A73CE2-73DA-4274-89E0-DD9A413ED17F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "39075F6E-2925-4897-B1DE-C86A066DF54B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "179DBC2B-B35F-4A19-B522-DF996D5E13E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FA527724-B44E-46B6-BA53-A83B012EA376",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "31A8CAEA-CCCF-4678-B61E-0FFE439890DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3C22E1EB-57DA-4E3C-BF38-29E2F50AEBF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "25F99A03-DD94-4380-8E6B-C95D3A57D6EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "54ED2D6B-48F7-444D-8EC7-C51719F970CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "36B291C0-7E41-4073-AFFF-CFEFEDDFD6A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "4E36C4AB-0599-40A3-BD80-4DDB1631A604",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "A04348FF-A3BE-4063-A208-27C3E46B67EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moodle:moodle:2.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BFD575CF-2AF2-443F-841D-F7E25FBD455A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AC2A1954-E30F-40EC-BA59-40D29573E7D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "25EA194F-BE9D-49A8-AA35-FC7810C06643",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2C3888D8-8219-4DE4-8E6C-84F58AFD3B15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E15AADAA-EFF5-4116-A683-D2B9824AA353",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C917E5A8-ABE8-4F01-8580-329836CC2C55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "70C08FF1-BAA7-4534-98E4-80231C25BC83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "025832C9-F1A4-4935-892A-8868E401906E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moodle:moodle:2.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B8E52813-E056-4A5C-8BF5-4DD5EF5BF041",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "62156008-2728-4207-AF60-E6330421D102",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "094DCC66-8C95-4DD6-B8DD-FB2D46A2A847",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D27EBAD4-F6F3-4E6A-8E42-EBB36655376D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "93169BDD-4F0B-44C9-96C4-5BD0839A9BA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moodle:moodle:2.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CD1B5B42-ECA9-4888-B18E-AD8D282311DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FC78DF75-DB8F-4579-872A-8F5BE47453A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CA6B7F27-D17A-4596-8D8B-EC9D1BC01881",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "76D2E5F9-8EAC-43E7-A140-8E1E0B113C17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3F0B505C-D7EC-405F-893B-2C3D368CA041",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "44A39D0F-82A1-4616-B9A5-78CA8A334621",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C9AA541E-026E-46AE-82E9-002FE34CA781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1E6C8BC3-1228-437D-9287-CC15DBECFA3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BE209757-7276-4890-8B5A-B768A95DDC92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2D386F45-4F54-47B9-9DDD-AA344D41BB8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "652123A0-65E1-47CE-BE74-47E65D5A07B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6AF4F345-87B0-46D3-855D-E505984D2896",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "22AA0442-47B7-44D3-9BAB-A84C522C2E61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C80C4CE4-D30D-46FF-AF86-8BBBC269EF56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6FFED6CE-E6E9-4836-A8D6-6E86CF6659B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5C7CCDCB-4A90-4A46-9A66-96766E1998B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8F933811-ACD1-491A-8F4A-85E79C9DDD5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "70F64EB7-8725-4DBE-92E3-D67B1C3CEE55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AA95BE97-348C-4F2E-AEA2-3995A8F1160B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "39071BE6-1A83-41AB-8E4D-E4AF08204451",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A42A71C3-9D2E-48B4-9F6C-DBA9969347FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AFF46145-2844-4963-AC20-089660627EF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D260CC4A-DBCB-447D-84E1-7E727FB2DFFB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en el io.swf en el componente IO Utility en Yahoo! YUI 3.10.2 a la 3.9.1, utilizado en Moodle hasta la 2.1.10, 2.2.x anterior a 2.2.11, 2.3.x anterior a 2.3.8, 2.4.x anterior a 2.4.5, 2.5.x anterior a 2.5.1, y otros productos, permite a atacantes remotos inyectar secuencias de comandos web y HTML a trav\u00e9s de una cadena en una URL. Esta vulnerabilidad existe por la regresi\u00f3n del CVE-2013-4939."
}
],
"id": "CVE-2013-4940",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-07-29T13:59:20.900",
"references": [
{
"source": "cve@mitre.org",
"url": "http://git.moodle.org/gw?p=moodle.git\u0026a=search\u0026h=HEAD\u0026st=commit\u0026s=MDL-39678"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://yuilibrary.com/support/20130515-vulnerability/"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://moodle.org/mod/forum/discuss.php?d=232496"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://git.moodle.org/gw?p=moodle.git\u0026a=search\u0026h=HEAD\u0026st=commit\u0026s=MDL-39678"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://yuilibrary.com/support/20130515-vulnerability/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://moodle.org/mod/forum/discuss.php?d=232496"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}