Lucene search

K

Ubuntu.comUB:CVE-2013-4939

HistoryJul 29, 2013 - 12:00 a.m.

CVE-2013-4939

2013-07-2900:00:00

ubuntu.com

ubuntu.com

14

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

EPSS

0.004

Percentile

72.3%

Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility
component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through
2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x
before 2.5.1, and other products, allows remote attackers to inject
arbitrary web script or HTML via a crafted string in a URL.

References

git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678

yuilibrary.com/support/20130515-vulnerability/

launchpad.net/bugs/cve/CVE-2013-4939

moodle.org/mod/forum/discuss.php?d=232496

nvd.nist.gov/vuln/detail/CVE-2013-4939

security-tracker.debian.org/tracker/CVE-2013-4939

www.cve.org/CVERecord?id=CVE-2013-4939

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

EPSS

0.004

Percentile

72.3%

Related for UB:CVE-2013-4939

cvelist2 prion2 nvd2 osv1 veracode1 github1 cve2 ubuntucve1 nodejs1