Search for packages
| purl | pkg:npm/yui@3.2.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-hexy-ppcc-mubc
Aliases: CVE-2013-4942 GHSA-9ww8-j8j2-3788 |
YUI Cross-site Scripting (XSS) vulnerability Cross-site scripting (XSS) vulnerability in flashuploader.swf in the Uploader component in Yahoo! YUI 3.5.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. |
Affected by 2 other vulnerabilities. |
|
VCID-t85p-u6ky-zbbn
Aliases: CVE-2013-4941 GHSA-64r3-582j-frqm |
YUI Cross-site Scripting (XSS) vulnerability Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. |
Affected by 2 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2025-07-01T18:13:14.078480+00:00 | GitLab Importer | Affected by | VCID-t85p-u6ky-zbbn | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/yui/CVE-2013-4941.yml | 36.1.3 |
| 2025-07-01T18:13:12.717830+00:00 | GitLab Importer | Affected by | VCID-hexy-ppcc-mubc | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/yui/CVE-2013-4942.yml | 36.1.3 |
| 2025-07-01T14:32:15.347334+00:00 | GHSA Importer | Affected by | VCID-hexy-ppcc-mubc | https://github.com/advisories/GHSA-9ww8-j8j2-3788 | 36.1.3 |
| 2025-07-01T14:32:15.042472+00:00 | GHSA Importer | Affected by | VCID-t85p-u6ky-zbbn | https://github.com/advisories/GHSA-64r3-582j-frqm | 36.1.3 |