CVE-2013-4942

medium

Published 2013-07-29 · Modified 2025-04-12

CVSS v3

—

CVSS v2

4.3

VIR risk

4.3

Description

YUI Cross-site Scripting (XSS) vulnerability

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — https://moodle.org/mod/forum/discuss.php?d=232496

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — http://yuilibrary.com/support/20130515-vulnerability/

Ecosystem	Package	Vulnerable	Fixed
npm	yui	`>=3.2.0,<=3.9.1`
Packagist	moodle/moodle	`<2.2.11`	`2.2.11`
Packagist	moodle/moodle	`>=2.3.0,<2.3.8`	`2.3.8`
Packagist	moodle/moodle	`>=2.4.0-rc1,<2.4.5`	`2.4.5`
Packagist	moodle/moodle	`>=2.5.0-beta,<2.5.1`	`2.5.1`

Vendor	Product	Versions
moodle	moodle	`2.1.0`
moodle	moodle	`2.1.1`
moodle	moodle	`2.1.2`
moodle	moodle	`2.1.3`
moodle	moodle	`2.1.4`
moodle	moodle	`2.1.5`
moodle	moodle	`2.1.6`
moodle	moodle	`2.1.7`
moodle	moodle	`2.1.8`
moodle	moodle	`2.1.9`
moodle	moodle	`2.1.10`
moodle	moodle	`2.2.0`
moodle	moodle	`2.2.1`
moodle	moodle	`2.2.2`
moodle	moodle	`2.2.3`
moodle	moodle	`2.2.4`
moodle	moodle	`2.2.5`
moodle	moodle	`2.2.6`
moodle	moodle	`2.2.7`
moodle	moodle	`2.2.8`
moodle	moodle	`2.2.9`
moodle	moodle	`2.2.10`
moodle	moodle	`2.3.0`
moodle	moodle	`2.3.1`
moodle	moodle	`2.3.2`
moodle	moodle	`2.3.3`
moodle	moodle	`2.3.4`
moodle	moodle	`2.3.5`
moodle	moodle	`2.3.6`
moodle	moodle	`2.3.7`
moodle	moodle	`2.4.0`
moodle	moodle	`2.4.1`
moodle	moodle	`2.4.2`
moodle	moodle	`2.4.3`
moodle	moodle	`2.4.4`
moodle	moodle	`2.5.0`
yahoo	yui	`3.5.0`
yahoo	yui	`3.5.1`
yahoo	yui	`3.6.0`
yahoo	yui	`3.7.0`
yahoo	yui	`3.7.1`
yahoo	yui	`3.7.2`
yahoo	yui	`3.7.3`
yahoo	yui	`3.8.0`
yahoo	yui	`3.8.1`
yahoo	yui	`3.9.0`
yahoo	yui	`3.9.1`
yahoo	yui	`3.10.0`
yahoo	yui	`3.10.1`
yahoo	yui	`3.10.2`

CWE-79

Verify integrity in audit chain (admin only). AS-IS.