CVE-2013-4941
Published: 29 July 2013
Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.
Priority
Status
Package | Release | Status |
---|---|---|
moodle Launchpad, Ubuntu, Debian |
vivid |
Not vulnerable
(2.5.1-1)
|
lucid |
Ignored
(end of life)
|
|
precise |
Ignored
(end of life)
|
|
quantal |
Ignored
(end of life)
|
|
raring |
Ignored
(end of life)
|
|
saucy |
Not vulnerable
(2.5.1-1)
|
|
trusty |
Does not exist
(trusty was not-affected [2.5.1-1])
|
|
upstream |
Released
(2.5.1-1)
|
|
utopic |
Not vulnerable
(2.5.1-1)
|
|
wily |
Not vulnerable
(2.5.1-1)
|
|
xenial |
Not vulnerable
(2.5.1-1)
|
|
yakkety |
Not vulnerable
(2.5.1-1)
|
|
zesty |
Not vulnerable
(2.5.1-1)
|