Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:npm/yui@3.10.3
purl pkg:npm/yui@3.10.3
Next non-vulnerable version 3.11.0pr1
Latest non-vulnerable version 3.11.0pr1
Risk 3.1
Vulnerabilities affecting this package (1)
Vulnerability Summary Fixed by
VCID-bkcw-p2su-pkde
Aliases:
CVE-2013-4940
GHSA-x5hj-47vv-53p8
YUI Cross-site Scripting (XSS) vulnerability Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.
3.10.11
Affected by 0 other vulnerabilities.
3.10.13
Affected by 0 other vulnerabilities.
3.11.0pr1
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (1)
Vulnerability Summary Aliases
VCID-7pnw-f1rw-kydp XSS via .swf files In the vulnerable versions, the `uploader.swf` and `io.swf` utilities contain a vulnerability allowing cross-site scripting through the `.swf` files used in these components. Through a url accessing these files, and attacker can inject script in the context of these files, potentially exposing cookies or other sensitive information. The vulnerability resurfaced in v0.10.2, but only with `io.swf`. CVE-2013-4939
GHSA-mj87-8xf8-fp4w

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T21:48:33.033922+00:00 GitLab Importer Affected by VCID-bkcw-p2su-pkde https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/yui/CVE-2013-4940.yml 38.4.0
2026-04-16T20:30:45.641330+00:00 GitLab Importer Fixing VCID-7pnw-f1rw-kydp https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/yui/CVE-2013-4939.yml 38.4.0
2026-04-11T23:04:27.967695+00:00 GitLab Importer Affected by VCID-bkcw-p2su-pkde https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/yui/CVE-2013-4940.yml 38.3.0
2026-04-11T21:41:09.767109+00:00 GitLab Importer Fixing VCID-7pnw-f1rw-kydp https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/yui/CVE-2013-4939.yml 38.3.0
2026-04-02T23:12:49.022536+00:00 GitLab Importer Affected by VCID-bkcw-p2su-pkde https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/yui/CVE-2013-4940.yml 38.1.0
2026-04-02T21:55:20.193349+00:00 GitLab Importer Fixing VCID-7pnw-f1rw-kydp https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/yui/CVE-2013-4939.yml 38.1.0
2026-04-01T17:32:45.562398+00:00 GitLab Importer Affected by VCID-bkcw-p2su-pkde https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/yui/CVE-2013-4940.yml 38.0.0
2026-04-01T15:58:25.912549+00:00 GHSA Importer Fixing VCID-7pnw-f1rw-kydp https://github.com/advisories/GHSA-mj87-8xf8-fp4w 38.0.0
2026-04-01T12:59:33.753055+00:00 GithubOSV Importer Fixing VCID-7pnw-f1rw-kydp https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/09/GHSA-mj87-8xf8-fp4w/GHSA-mj87-8xf8-fp4w.json 38.0.0
2026-04-01T12:46:49.663342+00:00 GitLab Importer Fixing VCID-7pnw-f1rw-kydp https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/yui/CVE-2013-4939.yml 38.0.0