VulnerableCode Vulnerability Details - VCID-1e39-62g9-j7d2

Search for vulnerabilities

Vulnerability details: VCID-1e39-62g9-j7d2

Essentials
Severities (13)
References (14)
Severity details (9)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-1e39-62g9-j7d2
Aliases	CVE-2013-4939 GHSA-mj87-8xf8-fp4w
Summary	Cross-Site Scripting in yui Affected versions of `yui` are vulnerable to cross-site scripting in the `uploader.swf` and `io.swf` utilities, via script injection in the url. ## Recommendation YUI has published their recommendation to fix this issue. Their recommendation is to: - Delete self-hosted copies of these files if you are not using them - Use the Yahoo! CDN hosted files - Use the patched files provided on the YUI Library [here](https://yuilibrary.com/support/20130515-vulnerability/#resolution).
Status	Published
Exploitability	0.5
Weighted Severity	6.2
Risk	3.1
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-79	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
generic_textual	MODERATE	http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678
epss	0.0031	https://api.first.org/data/v1/epss?cve=CVE-2013-4939
epss	0.0031	https://api.first.org/data/v1/epss?cve=CVE-2013-4939
cvssv3.1_qr	MODERATE	https://github.com/advisories/GHSA-mj87-8xf8-fp4w
cvssv3	5.3	https://github.com/nodejs/security-wg/blob/main/vuln/npm/332.json
generic_textual	MODERATE	https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E
generic_textual	MODERATE	https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E
generic_textual	MODERATE	https://moodle.org/mod/forum/discuss.php?d=232496
generic_textual	MODERATE	https://nvd.nist.gov/vuln/detail/CVE-2013-4939
generic_textual	MODERATE	https://www.npmjs.com/advisories/332
generic_textual	MODERATE	https://yuilibrary.com/support/20130515-vulnerability
cvssv3	5.3	https://yuilibrary.com/support/20130515-vulnerability/)
generic_textual	MODERATE	http://yuilibrary.com/support/20130515-vulnerability

Reference id	Reference type	URL
		http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678
		https://api.first.org/data/v1/epss?cve=CVE-2013-4939
		https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E
		https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E
		https://moodle.org/mod/forum/discuss.php?d=232496
		https://nvd.nist.gov/vuln/detail/CVE-2013-4939
		https://www.npmjs.com/advisories/332
		https://yuilibrary.com/support/20130515-vulnerability
		https://yuilibrary.com/support/20130515-vulnerability/
		https://yuilibrary.com/support/20130515-vulnerability/)
		http://yuilibrary.com/support/20130515-vulnerability
		http://yuilibrary.com/support/20130515-vulnerability/
332		https://github.com/nodejs/security-wg/blob/main/vuln/npm/332.json
GHSA-mj87-8xf8-fp4w		https://github.com/advisories/GHSA-mj87-8xf8-fp4w

No exploits are available.

Exploit Prediction Scoring System (EPSS)

Percentile	0.53623
EPSS Score	0.0031
Published At	June 30, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2025-07-01T12:16:24.588599+00:00	GithubOSV Importer	Import	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/09/GHSA-mj87-8xf8-fp4w/GHSA-mj87-8xf8-fp4w.json	36.1.3