Lucene search

K

Ubuntu.comUB:CVE-2013-4940

HistoryJul 29, 2013 - 12:00 a.m.

CVE-2013-4940

2013-07-2900:00:00

ubuntu.com

ubuntu.com

11

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.004 Low

EPSS

Percentile

72.4%

Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility
component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x
before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1,
and other products, allows remote attackers to inject arbitrary web script
or HTML via a crafted string in a URL. NOTE: this vulnerability exists
because of a CVE-2013-4939 regression.

Notes

Author	Note
jdstrand	fix for CVE-2013-4939 not included in Ubuntu

References

git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678

yuilibrary.com/support/20130515-vulnerability/

launchpad.net/bugs/cve/CVE-2013-4940

moodle.org/mod/forum/discuss.php?d=232496

nvd.nist.gov/vuln/detail/CVE-2013-4940

security-tracker.debian.org/tracker/CVE-2013-4940

www.cve.org/CVERecord?id=CVE-2013-4940

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.004 Low

EPSS

Percentile

72.4%

Related for UB:CVE-2013-4940

cve2 nvd2 cvelist2 prion2 nodejs1 ubuntucve1 veracode1 github1 osv1