Description

Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.

Remediation

References

CVE-2013-4939

Related Vulnerabilities

Jenkins Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2018-1000862)

WordPress Plugin InfiniteWP Client PHP Object Injection (1.6.0)

Python Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') Vulnerability (CVE-2021-23336)

WordPress Plugin Yasr-Yet Another Stars Rating Unspecified Vulnerability (1.3.2)

Oracle Database Server CVE-2007-2112 Vulnerability (CVE-2007-2112)

Severity

Medium

Classification

CVE-2013-4939 CWE-707

Tags

Missing Update Known Vulnerabilities