| Description: | Flash files distributed with the YUI library may have allowed for cross-site scripting attacks. This is additional to MSA-13-0025. |
| Issue summary: | YUI2 security vulnerability |
| Severity/Risk: | Serious |
| Versions affected: | 2.3 to 2.3.9 and earlier unsupported versions |
| Versions fixed: | 2.3.10 |
| Reported by: | Petr Škoda |
| Issue no.: | MDL-42780 |
| CVE identifier: | CVE-2013-6780 |
| Workaround | Remove all SWF files under the lib/yui directory. |
| Changes (2.3): | http://git.moodle.org/gw?p=moodle.git&a=search&h=refs%2Fheads%2FMOODLE_23_STABLE&st=commit&s=MDL-42780 |
MSA-13-0040: Cross site scripting vulnerability in YUI library
by Michael de Raadt -
Number of replies: 0