Search for vulnerabilities
Vulnerability details: VCID-hexy-ppcc-mubc
Vulnerability ID VCID-hexy-ppcc-mubc
Aliases CVE-2013-4942
GHSA-9ww8-j8j2-3788
Summary YUI Cross-site Scripting (XSS) vulnerability Cross-site scripting (XSS) vulnerability in flashuploader.swf in the Uploader component in Yahoo! YUI 3.5.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
generic_textual MODERATE http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678
epss 0.00322 https://api.first.org/data/v1/epss?cve=CVE-2013-4942
epss 0.00322 https://api.first.org/data/v1/epss?cve=CVE-2013-4942
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-9ww8-j8j2-3788
cvssv3 5.3 https://github.com/nodejs/security-wg/blob/main/vuln/npm/332.json
generic_textual MODERATE https://moodle.org/mod/forum/discuss.php?d=232496
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2013-4942
generic_textual MODERATE https://web.archive.org/web/20130909203912/http://yuilibrary.com/support/20130515-vulnerability
cvssv3 5.3 https://yuilibrary.com/support/20130515-vulnerability/)
Reference id Reference type URL
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678
https://api.first.org/data/v1/epss?cve=CVE-2013-4942
https://moodle.org/mod/forum/discuss.php?d=232496
https://nvd.nist.gov/vuln/detail/CVE-2013-4942
https://web.archive.org/web/20130909203912/http://yuilibrary.com/support/20130515-vulnerability
https://yuilibrary.com/support/20130515-vulnerability/)
332 https://github.com/nodejs/security-wg/blob/main/vuln/npm/332.json
GHSA-9ww8-j8j2-3788 https://github.com/advisories/GHSA-9ww8-j8j2-3788
No exploits are available.
Exploit Prediction Scoring System (EPSS)
Percentile 0.54578
EPSS Score 0.00322
Published At June 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-01T12:30:37.727779+00:00 GithubOSV Importer Import https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-9ww8-j8j2-3788/GHSA-9ww8-j8j2-3788.json 36.1.3