Search for packages
| purl | pkg:npm/yui@3.2.0 |
| Tags | Ghost |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-3fdn-sk73-zqe2
Aliases: CVE-2013-4942 GHSA-9ww8-j8j2-3788 |
YUI Cross-site Scripting (XSS) vulnerability Cross-site scripting (XSS) vulnerability in flashuploader.swf in the Uploader component in Yahoo! YUI 3.5.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. |
Affected by 2 other vulnerabilities. |
|
VCID-kjwa-ezsm-pbg7
Aliases: CVE-2013-4941 GHSA-64r3-582j-frqm |
YUI Cross-site Scripting (XSS) vulnerability Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. |
Affected by 2 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T16:01:14.133011+00:00 | GHSA Importer | Affected by | VCID-3fdn-sk73-zqe2 | https://github.com/advisories/GHSA-9ww8-j8j2-3788 | 38.0.0 |
| 2026-04-01T16:01:13.705355+00:00 | GHSA Importer | Affected by | VCID-kjwa-ezsm-pbg7 | https://github.com/advisories/GHSA-64r3-582j-frqm | 38.0.0 |
| 2026-04-01T12:50:09.370781+00:00 | GitLab Importer | Affected by | VCID-kjwa-ezsm-pbg7 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/yui/CVE-2013-4941.yml | 38.0.0 |
| 2026-04-01T12:50:07.686172+00:00 | GitLab Importer | Affected by | VCID-3fdn-sk73-zqe2 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/yui/CVE-2013-4942.yml | 38.0.0 |