GCVE - cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*

part: a version: 3.9.0 update: *

Vendor	Yahoo (`0dc01c4f-a37d-56de-8e72-74e1c6cb3fab`)
Product	Yui (`50079668-00f8-57fe-9771-118caa7636db`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:github/yui/yui3`	purl2cpe	2026-06-01 10:17:01.176920
`pkg:npm/yui`	purl2cpe	2026-06-01 10:17:01.176922

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2013-4942`	vulnerable	2026-06-03 14:33:20.077457	Details available Cross-site scripting (XSS) vulnerability in flashuploader.swf in the Uploader component in Yahoo! YUI 3.5.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. Published: 2013-07-26T22:00:00.000Z Updated: 2024-09-16T17:15:23.118Z Open on db.gcve.eu Reference links https://moodle.org/mod/forum/discuss.php?d=232496 http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678 http://yuilibrary.com/support/20130515-vulnerability/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2013-4941`	vulnerable	2026-06-03 14:33:20.076085	Details available Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. Published: 2013-07-26T22:00:00.000Z Updated: 2024-09-16T18:56:17.488Z Open on db.gcve.eu Reference links https://moodle.org/mod/forum/discuss.php?d=232496 http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678 http://yuilibrary.com/support/20130515-vulnerability/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2013-4940`	vulnerable	2026-06-03 14:33:20.074523	Details available Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression. Published: 2013-07-26T22:00:00.000Z Updated: 2024-09-17T02:06:31.907Z Open on db.gcve.eu Reference links https://moodle.org/mod/forum/discuss.php?d=232496 http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678 http://yuilibrary.com/support/20130515-vulnerability/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2013-4939`	vulnerable	2026-06-03 14:33:20.070785	Details available Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. Published: 2013-07-26T22:00:00.000Z Updated: 2024-08-06T16:59:41.183Z Open on db.gcve.eu Reference links https://moodle.org/mod/forum/discuss.php?d=232496 http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678 http://yuilibrary.com/support/20130515-vulnerability/ https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e%40%3Cdev.zookeeper.apache.org%3E https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c%40%3Cissues.zookeeper.apache.org%3E	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.