Description: | Flash files distributed with the YUI library may have allowed for cross-site scripting attacks. This is additional to MSA-13-0025. |
Issue summary: | YUI2 security vulnerability |
Severity/Risk: | Serious |
Versions affected: | 2.3 to 2.3.9 and earlier unsupported versions |
Versions fixed: | 2.3.10 |
Reported by: | Petr Škoda |
Issue no.: | MDL-42780 |
CVE identifier: | CVE-2013-6780 |
Workaround | Remove all SWF files under the lib/yui directory. |
Changes (2.3): | http://git.moodle.org/gw?p=moodle.git&a=search&h=refs%2Fheads%2FMOODLE_23_STABLE&st=commit&s=MDL-42780 |
MSA-13-0040: Cross site scripting vulnerability in YUI library
by Michael de Raadt -
Number of replies: 0