Lucene search
Veracode Vulnerability DatabaseVERACODE:4821HistoryJul 30, 2017 - 9:28 p.m.
Cross-site Scripting (XSS)
2017-07-3021:28:15
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
7
0.004 Low
EPSS
Percentile
72.4%
Moodle is vulnerable to cross-site scripting (XSS) attacks. These attacks are possible through the io.swf component of Yahoo! YUI used within Moodle.
| CPE | Name | Operator | Version |
|---|---|---|---|
| moodle/moodle | le | 2.2.10 | |
| moodle/moodle | le | 2.4.4 | |
| moodle/moodle | le | 2.3.7 | |
| moodle/moodle | le | 2.1.10 | |
| moodle/moodle | le | 2.5.0 | |
| yui3 | le | 3.9.1 | |
| yui3 | le | 3.10.2 | |
| yui | le | 3.9.1 | |
| yui | le | 3.10.2 | |
| yui | le | 3.10.2 |
References
git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678
yuilibrary.com/support/20130515-vulnerability/
lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E
lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E
moodle.org/mod/forum/discuss.php?d=232496
yuilibrary.com/support/20130515-vulnerability/
Related
cvelist
cvelist
CVE-2013-4939
2013-07-26 22:00:00
CVE-2013-4940
2022-10-03 16:14:58
osv
osv
Cross-Site Scripting in yui
2020-09-01 16:42:51
prion
prion
Cross site scripting
2013-07-29 13:59:00
Cross site scripting
2013-07-29 13:59:00
nvd
nvd
CVE-2013-4939
2013-07-29 13:59:20
CVE-2013-4940
2013-07-29 13:59:20
cve
cve
CVE-2013-4939
2013-07-29 13:59:20
CVE-2013-4940
2022-10-03 16:14:58
ubuntucve
ubuntucve
CVE-2013-4939
2013-07-29 00:00:00
CVE-2013-4940
2013-07-29 00:00:00
github
github
Cross-Site Scripting in yui
2020-09-01 16:42:51
nodejs
nodejs
Cross-Site Scripting
2017-03-24 17:40:51