{ "reportSchema": "1.1", "scanInfo": { "engineVersion": "5.2.4", "dataSource": [ { "name": "NVD CVE Checked", "timestamp": "2020-03-12T07:19:47" }, { "name": "NVD CVE Modified", "timestamp": "2020-03-12T05:02:12" }, { "name": "VersionCheckOn", "timestamp": "2020-02-20T10:57:54" } ] }, "projectInfo": { "name": "", "reportDate": "2020-03-12T07:20:20.370690Z", "credits": { "NVD": "This report contains data retrieved from the National Vulnerability Database: http://nvd.nist.gov", "NPM": "This report may contain data retrieved from the NPM Public Advisories: https://www.npmjs.com/advisories", "RETIREJS": "This report may contain data retrieved from the RetireJS community: https://retirejs.github.io/retire.js/", "OSSINDEX": "This report may contain data retrieved from the Sonatype OSS Index: https://ossindex.sonatype.org" } }, "dependencies": [ { "isVirtual": false, "fileName": "merge_cells.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/tiny_mce/plugins/table/js/merge_cells.js", "md5": "7f9655fcf059c80b83f62569a97b3d79", "sha1": "e8612ea733ccd1fd80c03693a096de88d1dc14c3", "sha256": "58cfdf22d4ed08c25775de2c87e37cce0dd7ccf3d95139ccc520a24af7514928", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "editor_plugin.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/tiny_mce/plugins/insertdatetime/editor_plugin.js", "md5": "d99072498466cdb2f53ed7c02da85982", "sha1": "c94b35644717c9228015f3dcb0b9358c3a373553", "sha256": "48fb10a80c6649258719b7e3ffd401b7a4b4c0daa2dd1cec22547088bab28b72", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype_ro-RO.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype_ro-RO.js", "md5": "6c9c0284d30dd51fcdc2a0fb5a5b9ab0", "sha1": "440b36d80b0e5c45e3446365efc1b387c5b1103e", "sha256": "4f111c0714321201f02a96710ad3273cffa896a0068f7506e7d3e2d8f8c044eb", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "loader-base.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/loader/loader-base.js", "md5": "8edc7b6778ede2dc84b4a071ed34eda3", "sha1": "10ace887a9103e2e4ac92df4747b5cb921fee707", "sha256": "01e727d95dd6ad4fda7e7a4c0e412d14dd8095e875cc6d6c3a4c39c6efddcc4c", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype-date_el.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype-date_el.js", "md5": "72c2048ef8a2fb8a8fbb99d3106e42fd", "sha1": "bfab9a412fb1cd011b61ba6f3019df79fb313b28", "sha256": "a6159d55c3c56a6188ad080c61f37709f5d4951cf85050c70bcd55f552167808", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "jstree.contextmenu.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/jstree/src/jstree.contextmenu.js", "md5": "5d04ea81a591c3cd81ec74c3a49457fe", "sha1": "f450e81f769c7581a8025e00743be529008b4689", "sha256": "b0aa7b50d6c2864778b8e8a7b2d0804a72af35c1c19d4ba37f6f0c27d504e907", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datasource-local.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datasource/datasource-local.js", "md5": "c7d7fac69be58a308a1974aaeb8c3332", "sha1": "b5ef74bda369ff6b3bf9b0fa493dc35d7e57171f", "sha256": "bcdf5213c3e0a894ff324669913c3f6c4a319c4a5a5f09f7a3af8d750eecf239", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datasource/datasource-local-min.js", "sha256": "bcdf5213c3e0a894ff324669913c3f6c4a319c4a5a5f09f7a3af8d750eecf239", "sha1": "b5ef74bda369ff6b3bf9b0fa493dc35d7e57171f", "md5": "c7d7fac69be58a308a1974aaeb8c3332" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datasource/datasource-local-min.js", "sha256": "bcdf5213c3e0a894ff324669913c3f6c4a319c4a5a5f09f7a3af8d750eecf239", "sha1": "b5ef74bda369ff6b3bf9b0fa493dc35d7e57171f", "md5": "c7d7fac69be58a308a1974aaeb8c3332" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "sortable-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/sortable/sortable-min.js", "md5": "588b4e43059da1e189c74dd0e304ad55", "sha1": "ed18c7841cdecc4720dadaa08f6b6ab2e514f15c", "sha256": "8cf69b8439a7e01ff557a7e2d6cd5ecc8e7e4adae436671ccffb978de4ec7400", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/sortable/sortable.js", "sha256": "8cf69b8439a7e01ff557a7e2d6cd5ecc8e7e4adae436671ccffb978de4ec7400", "sha1": "ed18c7841cdecc4720dadaa08f6b6ab2e514f15c", "md5": "588b4e43059da1e189c74dd0e304ad55" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/sortable/sortable-min.js", "sha256": "8cf69b8439a7e01ff557a7e2d6cd5ecc8e7e4adae436671ccffb978de4ec7400", "sha1": "ed18c7841cdecc4720dadaa08f6b6ab2e514f15c", "md5": "588b4e43059da1e189c74dd0e304ad55" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "jquery.iframe-auto-height.plugin.1.9.3.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/jjwg_Maps/javascript/jquery.iframe-auto-height.plugin.1.9.3.js", "md5": "eca62fdb5373049723a1bd397a53dbe0", "sha1": "9c433478469f3a7d864cd9a08836ba1624f3f940", "sha256": "aee5afbbf7a5bc80dd8b7a217fe55dc099b6153a704bb7664215ce9f2c806d45", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "transition-native.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/transition/transition-native.js", "md5": "a3d282fad6dca511268d207c4415dacb", "sha1": "254dc44bbb6d3ba70931c31734422bb160a0111c", "sha256": "b3649a31af168753cac9c9af68b8acb2debef98c1a915ae6d46882ab6441e2ac", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/transition/transition-native-min.js", "sha256": "b3649a31af168753cac9c9af68b8acb2debef98c1a915ae6d46882ab6441e2ac", "sha1": "254dc44bbb6d3ba70931c31734422bb160a0111c", "md5": "a3d282fad6dca511268d207c4415dacb" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/transition/transition-native-min.js", "sha256": "b3649a31af168753cac9c9af68b8acb2debef98c1a915ae6d46882ab6441e2ac", "sha1": "254dc44bbb6d3ba70931c31734422bb160a0111c", "md5": "a3d282fad6dca511268d207c4415dacb" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype-number-parse.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/datatype-number-parse.js", "md5": "97e786013ec9d06a3bd6f492da8340c9", "sha1": "f599bc4e9944fbc1c0e05a8a675aaed055bc36ed", "sha256": "6502fce2af290fcadd0c5c629d99df1a8f43ae479a1a52dd2b2b8401f527e2b4", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype-date-format_en-MY.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype-date-format_en-MY.js", "md5": "ebf37204facec764f1226b71f1d5f256", "sha1": "0a20a7ba40440d2621d263a84f9501a5fbde1ec3", "sha256": "1dcbfe4895acc2178dfa0716c37fb144e681effdeaecefdd51c7b5808d9b1f11", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "SugarYUILoader.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/sugarwidgets/SugarYUILoader.js", "md5": "ae5b3b77eacc4c1fd18e137240b53399", "sha1": "2da2aac329d8f17069d00fe2496f2be46284c80a", "sha256": "c523d6d45e56e43b10bb2bef3d0941d002636027f6b07cdf49241e9993a5e7e4", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datasource-polling-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datasource/datasource-polling-min.js", "md5": "b3e59e37018ef2612eda7e37f5293f1c", "sha1": "c828fc22fbbd87da848bb9873a59d40742e333ee", "sha256": "ec4a183237c9e47e89475a450015e81e87a06dae0f1638810c49e712e3edbde0", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datasource/datasource-polling-min.js", "sha256": "ec4a183237c9e47e89475a450015e81e87a06dae0f1638810c49e712e3edbde0", "sha1": "c828fc22fbbd87da848bb9873a59d40742e333ee", "md5": "b3e59e37018ef2612eda7e37f5293f1c" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datasource/datasource-polling.js", "sha256": "ec4a183237c9e47e89475a450015e81e87a06dae0f1638810c49e712e3edbde0", "sha1": "c828fc22fbbd87da848bb9873a59d40742e333ee", "md5": "b3e59e37018ef2612eda7e37f5293f1c" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "RGraph.common.key.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/SuiteGraphs/rgraph/libraries/RGraph.common.key.js", "md5": "776ea652ff7cb8043c7d0a7bd9c06887", "sha1": "8e402d2df338aa12b73b3c71cf2f1fba786b8559", "sha256": "9a5204577d3fb5b7082f5095f9023f55296bb7d0089fe1efb32e8036246e5cd5", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date_it.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype-date_it.js", "md5": "a8fb7763eacfa1390dba19df93fa7c57", "sha1": "87ba28b1fecd3294d4092a1476e357fb7034556f", "sha256": "dec5981d916078a990421f26ae900b4c5f3f2237092e7877347da239adc6007a", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "popup_helper.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/popup_helper.js", "md5": "3fea89eee621ca6f69e65568111baa15", "sha1": "e95588c3755b3e347233146308fb3d057f9e9ba3", "sha256": "6ca51df0bb2b03c4edf36fd5e691c91074ee437ffa2e3823550b6711dd45c20b", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "widget.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/widget/widget.js", "md5": "198de37804e4b98b996971c36af87e5f", "sha1": "b9ba4ab9861a684b7cf5a6fa45457c0ef5f649b9", "sha256": "a8c0337643a87fdcf0e2d3c833b5b3c7f4e1c06d329d77e09b1f07772ed5744c", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "tabview-plugin-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/tabview/tabview-plugin-min.js", "md5": "df91287276470a1dbc09c7176a304bce", "sha1": "346d1efd69df4565ccebabaa2031abd59a1b02c1", "sha256": "aee41f5429b6a8a2e29af86114469eb3a919d4a4b8406d22b411a897d2019655", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/tabview/tabview-plugin-min.js", "sha256": "aee41f5429b6a8a2e29af86114469eb3a919d4a4b8406d22b411a897d2019655", "sha1": "346d1efd69df4565ccebabaa2031abd59a1b02c1", "md5": "df91287276470a1dbc09c7176a304bce" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/tabview/tabview-plugin.js", "sha256": "aee41f5429b6a8a2e29af86114469eb3a919d4a4b8406d22b411a897d2019655", "sha1": "346d1efd69df4565ccebabaa2031abd59a1b02c1", "md5": "df91287276470a1dbc09c7176a304bce" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "RGraph.common.resizing.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/SuiteGraphs/rgraph/libraries/RGraph.common.resizing.js", "md5": "2d1f93314543e405370f7ed0814657b6", "sha1": "869a129620154a9a3515dee83a4c93791db0a12f", "sha256": "d0e57168868cface73814cbbedd9fa0aaa18c6bdb2b5a658bcf1c950aa235cc5", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "editor_plugin_src.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/tiny_mce/plugins/fullpage/editor_plugin_src.js", "md5": "96b66213d03d2c1802cd4e067be4d408", "sha1": "9924cd46d46a2dfe7cf0f097ec80414acfe3f8fa", "sha256": "3c19042affd3a0ae8d0326f0f85492569755511dcc9ee523fa5434ef671ed01e", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "suitespots.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/suitespots/suitespots.js", "md5": "8050bee2aaac2a0417a63d2ac8c0ed3f", "sha1": "4cf57c5b40bc37667c519bcd38f17883560cdc7f", "sha256": "d3ab10cb33171b50f784692874529e45e3c9ea773e149801bce04eeb02fb1eec", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "actionComputeField.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/AOW_Actions/actions/actionComputeField.js", "md5": "2f39d2288a3dbe7dc85b3b185ce1fdc5", "sha1": "32852c78eac88673a77d155c0f9e1ee60adf077b", "sha256": "13e5e02000649aca8809133064fbf7c7b3158c8312391cb0fd9f098da5811ba0", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "jquery.dataTables.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/jjwg_Maps/DataTables/media/js/jquery.dataTables.js", "md5": "28e78e8c1897d5a8bcf7e18b2f2ba0b6", "sha1": "d3a3798918aaf361571de9e6dcae22c3f57e545e", "sha256": "cad275cd9985e1cd1020e9c9d422eb3a56cc4b1649337bee991359655e6d90bc", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "dataschema-text-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/dataschema/dataschema-text-min.js", "md5": "174e5569a17675116e35e067748359b9", "sha1": "3ed67fbafbe5410a425c6c6312145825f83914e2", "sha256": "11795037162cdcac882d2b7e337c20a95f83d9ea1a921eace8868f00351f98af", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/dataschema/dataschema-text.js", "sha256": "11795037162cdcac882d2b7e337c20a95f83d9ea1a921eace8868f00351f98af", "sha1": "3ed67fbafbe5410a425c6c6312145825f83914e2", "md5": "174e5569a17675116e35e067748359b9" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/dataschema/dataschema-text-min.js", "sha256": "11795037162cdcac882d2b7e337c20a95f83d9ea1a921eace8868f00351f98af", "sha1": "3ed67fbafbe5410a425c6c6312145825f83914e2", "md5": "174e5569a17675116e35e067748359b9" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "RGraph.common.effects.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/SuiteGraphs/rgraph/libraries/RGraph.common.effects.js", "md5": "f5822c5ed965f1732fd9826ad6ab08ba", "sha1": "c71f705057c77502c71f917a4de5c5d34512d3f1", "sha256": "047fd481f6b7831326125eb49383626df31cee8980f56f9262c2a0439c9c0552", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "recordset-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/recordset/recordset-min.js", "md5": "e9c21cd68355622dd89fcb311edf6934", "sha1": "cfa66280857f6c9b8d6c84b6aa26b9c8e9b9b138", "sha256": "bacd3048b6e553e543cd429b603b1e1a1d6d553d18e86428c1182048f4f4e014", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/recordset/recordset-min.js", "sha256": "bacd3048b6e553e543cd429b603b1e1a1d6d553d18e86428c1182048f4f4e014", "sha1": "cfa66280857f6c9b8d6c84b6aa26b9c8e9b9b138", "md5": "e9c21cd68355622dd89fcb311edf6934" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/recordset/recordset.js", "sha256": "bacd3048b6e553e543cd429b603b1e1a1d6d553d18e86428c1182048f4f4e014", "sha1": "cfa66280857f6c9b8d6c84b6aa26b9c8e9b9b138", "md5": "e9c21cd68355622dd89fcb311edf6934" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "jstree.checkbox.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/jstree/src/jstree.checkbox.js", "md5": "5f18e20eb237a34f2094904114531f74", "sha1": "a17571b9fb5aded17d543e8dedf402315de775f0", "sha256": "6bc747bc34ae5c842cbfa0f0118d292e01707af58791f1887840cd0d18e4a12e", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "dd.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/dd/dd.js", "md5": "ad894fde9d8c490fe5017bccea095e39", "sha1": "997349c44f60ab99bb5d6eb9c624b22a35c49375", "sha256": "0d43d90f3c2bb5cdef8ff3ed92b409297835c92d8c70c452de46f16f561041e5", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "plugin.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/mozaik/vendor/tinymce/tinymce/plugins/autosave/plugin.js", "md5": "c2ede3a907964206f43c887fdef54d15", "sha1": "29e5e55edc8cc4c60d2ea020e6960ebf873bcdbb", "sha256": "400bdc27088ba8baa528734c73141a3104c3bacd765bb74a8a3d499e6d8ca44b", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "frame-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/editor/frame-min.js", "md5": "31bb0404b2e4a1f597329761acf4b6fd", "sha1": "88b98a28ad2027af20b6ab61731189f4e7300477", "sha256": "f5eb503acd9d0c4b4be680afc98830ba534de8405b1ee2f902afd2265fc6ab2c", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/editor/frame.js", "sha256": "f5eb503acd9d0c4b4be680afc98830ba534de8405b1ee2f902afd2265fc6ab2c", "sha1": "88b98a28ad2027af20b6ab61731189f4e7300477", "md5": "31bb0404b2e4a1f597329761acf4b6fd" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/editor/frame-min.js", "sha256": "f5eb503acd9d0c4b4be680afc98830ba534de8405b1ee2f902afd2265fc6ab2c", "sha1": "88b98a28ad2027af20b6ab61731189f4e7300477", "md5": "31bb0404b2e4a1f597329761acf4b6fd" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype-date-format_en-GB.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype-date-format_en-GB.js", "md5": "7dfaa59d017d14f22b2e54eeb38c4b3c", "sha1": "f49f9e41fad2504e5c22dd46d2bac3a1495aae02", "sha256": "b01d71934083f4b1709b5de1c5b91c7098dcb73f38333fddd7da926a8c6561e1", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "append.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/mozaik/vendor/gymadarasz/imagesloaded/test/unit/append.js", "md5": "4c6300f54b30a3ec16552641e467c914", "sha1": "66212c9fa20fda9276521ef7444fc73f47ae535c", "sha256": "0d1df8abeb2cd9fbe369bba8fa87a991109aaefb69e892b4f3b3afeb7c502431", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "sortable-scroll-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/sortable/sortable-scroll-min.js", "md5": "245753ed909c62be0db3feb398b4a6fd", "sha1": "31697ad3095f94cd299723db76af33f74a0da2cd", "sha256": "d860ead5d7561aee48820fbc01d1aa6f7d0a983c4f022fdb5a4ad937816749fe", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/sortable/sortable-scroll-min.js", "sha256": "d860ead5d7561aee48820fbc01d1aa6f7d0a983c4f022fdb5a4ad937816749fe", "sha1": "31697ad3095f94cd299723db76af33f74a0da2cd", "md5": "245753ed909c62be0db3feb398b4a6fd" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/sortable/sortable-scroll.js", "sha256": "d860ead5d7561aee48820fbc01d1aa6f7d0a983c4f022fdb5a4ad937816749fe", "sha1": "31697ad3095f94cd299723db76af33f74a0da2cd", "md5": "245753ed909c62be0db3feb398b4a6fd" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "editor_plugin_src.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/tiny_mce/plugins/inlinepopups/editor_plugin_src.js", "md5": "41c53bd54e8af72296d0d04fce118cbf", "sha1": "275b4f501114ba4ad5f5b573dc0d7d11b1acb092", "sha256": "b130258656e547e7aa2467de93292bd3fda742a7b29771b6e4990975196431d6", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "widget-position-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/widget/widget-position-min.js", "md5": "93f1b2f2bada8b5321f50ac62d213723", "sha1": "dab1faba2fcdae0534e10583ff995fabd64fcd08", "sha256": "ae607a04f5ff3bb085529975e2ea12226f9cc0eecb56339a15507e339569e865", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/widget/widget-position.js", "sha256": "ae607a04f5ff3bb085529975e2ea12226f9cc0eecb56339a15507e339569e865", "sha1": "dab1faba2fcdae0534e10583ff995fabd64fcd08", "md5": "93f1b2f2bada8b5321f50ac62d213723" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/widget/widget-position-min.js", "sha256": "ae607a04f5ff3bb085529975e2ea12226f9cc0eecb56339a15507e339569e865", "sha1": "dab1faba2fcdae0534e10583ff995fabd64fcd08", "md5": "93f1b2f2bada8b5321f50ac62d213723" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "studiotabgroups.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/Studio/studiotabgroups.js", "md5": "aad6d2db3a73292f856e1d61901b4ff1", "sha1": "08dcb776985a9ae9494d647c2c78a7b877b0ce6d", "sha256": "27023077ff611f9ad7b1d72be0371ee0a04a784a967ed13374fadb10a318bc60", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "jquery-success.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/mozaik/vendor/gymadarasz/imagesloaded/test/unit/jquery-success.js", "md5": "f028b048b67e12fc0a6940d94708965e", "sha1": "9b7dd46b5d214261dac0947324f006cc1b96b9ee", "sha256": "e22dcee90094f25a7f1ed6905de1920eb07fad50fdcf9e2a94d9a10ae171fa48", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "intl-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/intl/intl-min.js", "md5": "b9fb0949754b6d42796eda6e2101c917", "sha1": "0edf5f64d5d5cb8588ccd87b3cb1fd58c9d0bc50", "sha256": "4d250b8583d610cf9bf90ce531c258e84f50cd8a97ab29e95168e98a4fa055fb", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/intl/intl-min.js", "sha256": "4d250b8583d610cf9bf90ce531c258e84f50cd8a97ab29e95168e98a4fa055fb", "sha1": "0edf5f64d5d5cb8588ccd87b3cb1fd58c9d0bc50", "md5": "b9fb0949754b6d42796eda6e2101c917" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/intl/intl.js", "sha256": "4d250b8583d610cf9bf90ce531c258e84f50cd8a97ab29e95168e98a4fa055fb", "sha1": "0edf5f64d5d5cb8588ccd87b3cb1fd58c9d0bc50", "md5": "b9fb0949754b6d42796eda6e2101c917" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "dpSyntaxHighlighter.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/assets/dpSyntaxHighlighter.js", "md5": "e3c2434acdcd9f4b0717efba1d7d7ebb", "sha1": "8f493b0eba6c0337d24d5b281755263d02194d49", "sha256": "4e7d5e722a1267eb39f901858c33e456f06fcb1fd9494eeffec73b5fcbebfe6c", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "plugin.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/mozaik/vendor/tinymce/tinymce/plugins/imagetools/plugin.js", "md5": "1aaa48683ab35499cd380086787db74a", "sha1": "e360b1183686a665c243c978b75a55919f4b7e49", "sha256": "e5ab37889a854bf3bd2835d37a6da4ecf6b4b319c20488fb7858f88018052218", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "arraylist-filter.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/collection/arraylist-filter.js", "md5": "bf8272aa2e796724b967cd20f74570a7", "sha1": "0af177618bf5c74670f31aaf9b6357ec6dbcb09c", "sha256": "1963b077d3929b96757dbf2a2b40c0d9bbe504277d49c7179d76a497db6cef68", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "profilerviewer-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui/build/profilerviewer/profilerviewer-min.js", "md5": "6aea294797b41232c7d14ee56081bf2e", "sha1": "3dab23c64898de0d49ba32bfb408051cf298aa63", "sha256": "0fcbcc3e3a55aeb6dc685eae1a5d076d0cb071f3c9775d70229148f42e5a42bc", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "2.9.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@2.9.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@2.9.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2012-5881", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to charts.swf, a similar issue to CVE-2010-4207.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80118", "name": "yui-flash-component-xss(80118)" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5881/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5882", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader.swf, a similar issue to CVE-2010-4208.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5882/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5883", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.9.0, as used in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, allows remote attackers to inject arbitrary web script or HTML via vectors related to swfstore.swf, a similar issue to CVE-2010-4209.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://www.bugzilla.org/security/3.6.11/", "name": "http://www.bugzilla.org/security/3.6.11/" }, { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:066", "name": "MDVSA-2013:066" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845", "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80116", "name": "bugzilla-flash-xss(80116)" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5883/", "name": "info" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc2:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "editor_plugin.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/tiny_mce/plugins/save/editor_plugin.js", "md5": "307a0743c68c4e4aff005f13027f296f", "sha1": "be47b49499c6d7cee5817ca38f1f0c7dc9bb2221", "sha256": "652a1d3ad24f49b1d5a4ca2d431bc7180845698f8a0015fc54cc19a7a53f790f", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date_ru-RU.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype-date_ru-RU.js", "md5": "1c3ce7a3b955122aedbdfb00a6eed2e9", "sha1": "491612a2cdf5d498c68e4aa83cc8c37fe6b87a06", "sha256": "1cfc5824d7ae533fe8e82bdb7d8d2fab22f2a6d2ea9734a6bb1e40d46cef655f", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date-format_es-UY.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype-date-format_es-UY.js", "md5": "1df67a9166f57c6e8747c6a9e244c2e6", "sha1": "ac4c700c18dbd67ae71cdf56aff1b8bdaaa53476", "sha256": "d1758851149742cd271679c12fc24d9ad01b8ae1219727abe0c109eb881e3116", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "cookie.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/cookie.js", "md5": "4a84d97b2488ea07cb91cda3e3b1f8f4", "sha1": "5fa51571e2cb0703e2c3cf1e2cf4a08644201a81", "sha256": "53567537b28f8aba998245cc903dca33827a293960a618c302fd17e3bfb58a59", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "io-queue.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/io/io-queue.js", "md5": "042ab905ea11a92430b02d3bfc2c5371", "sha1": "f8721c619889fcd8b2104097521cfb29b73f51e8", "sha256": "fa18095d494ae320bf615bb3af061f3923884e7be9bf4dff4dc6f718119618be", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/io/io-queue-min.js", "sha256": "fa18095d494ae320bf615bb3af061f3923884e7be9bf4dff4dc6f718119618be", "sha1": "f8721c619889fcd8b2104097521cfb29b73f51e8", "md5": "042ab905ea11a92430b02d3bfc2c5371" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/io/io-queue-min.js", "sha256": "fa18095d494ae320bf615bb3af061f3923884e7be9bf4dff4dc6f718119618be", "sha1": "f8721c619889fcd8b2104097521cfb29b73f51e8", "md5": "042ab905ea11a92430b02d3bfc2c5371" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "sugar_yui_overrides.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/sugar_yui_overrides.js", "md5": "bdd2d18879a7ba3abab8173dcca015e9", "sha1": "f414a372bb3886724c20a6971260ddf31e568562", "sha256": "ea55132e89527abced3672a7cb0a0e8280473ecdbb2c3c3f5800b141086d99c4", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "polygon.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/jjwg_Maps/javascript/polygon.js", "md5": "5564f16134124604a92deca440f9cb5b", "sha1": "f1d69de60d5a7b2ca37a17c89638427c631db07e", "sha256": "f96d227523513c867f7e3c4fd29c28939ccc1d10eba7c4419ba1e84552ff23b1", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/jjwg_Areas/javascript/polygon.js", "sha256": "f96d227523513c867f7e3c4fd29c28939ccc1d10eba7c4419ba1e84552ff23b1", "sha1": "f1d69de60d5a7b2ca37a17c89638427c631db07e", "md5": "5564f16134124604a92deca440f9cb5b" } ], "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "widget-stack.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/widget/widget-stack.js", "md5": "917d2d506444a7f3cca870bbd9d063bc", "sha1": "179f4ec9d446550f0bfce85b13799808cd4ec4a1", "sha256": "43f7ade0266e30aa7acd4ba2a8f79d45ebab9126890f4472f7a7c88b85cdeba5", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype-date-format_zh-Hans-CN.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype-date-format_zh-Hans-CN.js", "md5": "e4555c5394dbeb426d3574db580051f4", "sha1": "231ab5b3de1478a747ab6ab789e8ae0496128939", "sha256": "a9112ed8d819a2360279bbfb8046886d521356709c3749f67faa6c32a5e26645", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype-date-format_es-VE.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype-date-format_es-VE.js", "md5": "93a92233f84c8489708e434e6cf3ebfb", "sha1": "3c5e18c772bb6d77d0ad014cdf1d64bde5faef8a", "sha256": "7030b222aa696ec054d8f645c3e66f577a59eee56d9dc6e0dd262583d4eafe5a", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "resize-proxy.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/resize/resize-proxy.js", "md5": "2c334a50aa9a10fe0b27888c28241fc6", "sha1": "821618599d094c1671884d13f60b025c78e8edf4", "sha256": "846eb6df338d92f5878079f36136b6c299e0aabdcd4aba16add35cebd237b596", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/resize/resize-proxy-min.js", "sha256": "846eb6df338d92f5878079f36136b6c299e0aabdcd4aba16add35cebd237b596", "sha1": "821618599d094c1671884d13f60b025c78e8edf4", "md5": "2c334a50aa9a10fe0b27888c28241fc6" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/resize/resize-proxy-min.js", "sha256": "846eb6df338d92f5878079f36136b6c299e0aabdcd4aba16add35cebd237b596", "sha1": "821618599d094c1671884d13f60b025c78e8edf4", "md5": "2c334a50aa9a10fe0b27888c28241fc6" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "json-stringify.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/json/json-stringify.js", "md5": "e49af1a434e2dbe8cba309668fa32baa", "sha1": "3fe694c7788cf0ece23f41421f1508120f964f55", "sha256": "c586226b79fa87297c28e9e69b7fe0cd590cbac13237dd5f263de1c45479cd2c", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype-xml-min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/datatype-xml-min.js", "md5": "82ccff56ec50d62eae5f1f2f575cc21a", "sha1": "adc047b3ae1707da1282da818ed26fa380e3d027", "sha256": "24b850fe930f3ec3ee5c97a992347a2c115aef3d8834eda01b12da04d0135d00", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/datatype-xml-min.js", "sha256": "24b850fe930f3ec3ee5c97a992347a2c115aef3d8834eda01b12da04d0135d00", "sha1": "adc047b3ae1707da1282da818ed26fa380e3d027", "md5": "82ccff56ec50d62eae5f1f2f575cc21a" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/datatype-xml.js", "sha256": "24b850fe930f3ec3ee5c97a992347a2c115aef3d8834eda01b12da04d0135d00", "sha1": "adc047b3ae1707da1282da818ed26fa380e3d027", "md5": "82ccff56ec50d62eae5f1f2f575cc21a" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "Lead.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/Leads/Lead.js", "md5": "539e25993e0de50e627ff70675e87c2c", "sha1": "c411d4502eee3a39246ac6401d741462269c284e", "sha256": "c9713922bfd964a5634664f9727dca163da5fe7b6301e446dfda2186a828db56", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "slider.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui/build/slider/slider.js", "md5": "eec05da8d858ee3991d40aa49fa5a402", "sha1": "ba141abfbe906dfb81ec44219d6054e728f37573", "sha256": "245f83f7ae212b43e43c6b08d0aeefa3cb701e49cf27c0de930882945f4dc114", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "2.9.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@2.9.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@2.9.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2012-5881", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to charts.swf, a similar issue to CVE-2010-4207.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80118", "name": "yui-flash-component-xss(80118)" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5881/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5882", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader.swf, a similar issue to CVE-2010-4208.", "notes": "", "references": [ { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5882/", "name": "info" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2012-5883", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.9.0, as used in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, allows remote attackers to inject arbitrary web script or HTML via vectors related to swfstore.swf, a similar issue to CVE-2010-4209.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://www.bugzilla.org/security/3.6.11/", "name": "http://www.bugzilla.org/security/3.6.11/" }, { "source": "BID", "url": "http://www.securityfocus.com/bid/56385", "name": "56385" }, { "source": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:066", "name": "MDVSA-2013:066" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20121030-vulnerability/", "name": "http://yuilibrary.com/support/20121030-vulnerability/" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/10/30/security-announcement-swf-vulnerability-in-yui-2/" }, { "source": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845", "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=808845" }, { "source": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80116", "name": "bugzilla-flash-xss(80116)" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2012-5883/", "name": "info" }, { "source": "CONFIRM", "url": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/", "name": "http://www.yuiblog.com/blog/2012/11/05/post-mortem-swf-vulnerability-in-yui-2/" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr2:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:pr4:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.1:pr1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:2.9.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.0.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc1:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:mozilla:bugzilla:4.2:rc2:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "node-focusmanager.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/node-focusmanager/node-focusmanager.js", "md5": "9d038b508069554da8d65ce52620b349", "sha1": "09fc30fe54ca3abb74354bd4d436c5daa825fe73", "sha256": "42f39e956cc75a15255b8b0c79ad30ec84fb8effa8e91c175258fd0829edeb5c", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "pluginhost-config.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/pluginhost/pluginhost-config.js", "md5": "12d5f2c74c2a4a97da39fc747e04e899", "sha1": "16258a789194187db651d261d90b2c33201d0d3d", "sha256": "2ca0b3c6bdaec3f09ab312139b98634cf7e7c0822fda1ea0b113e4a9352b2fe3", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/pluginhost/pluginhost-config-min.js", "sha256": "2ca0b3c6bdaec3f09ab312139b98634cf7e7c0822fda1ea0b113e4a9352b2fe3", "sha1": "16258a789194187db651d261d90b2c33201d0d3d", "md5": "12d5f2c74c2a4a97da39fc747e04e899" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/pluginhost/pluginhost-config-min.js", "sha256": "2ca0b3c6bdaec3f09ab312139b98634cf7e7c0822fda1ea0b113e4a9352b2fe3", "sha1": "16258a789194187db651d261d90b2c33201d0d3d", "md5": "12d5f2c74c2a4a97da39fc747e04e899" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype_en-AU.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/datatype/lang/datatype_en-AU.js", "md5": "859e37011ea87fd18e09d821c13e6b7b", "sha1": "935946ef6541779db7ff04450a415674a939c13c", "sha256": "d2f0bf4ae61f179e0de6548eef8f478c136f53e13c87e2c4855ccd3445f2e160", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "datatype-date-format_en-US.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype-date-format_en-US.js", "md5": "2a71843e54324bcda1e427976dec1187", "sha1": "d15771bdb9e346a4ff9c1e854f2690fcf9d24215", "sha256": "6df2efb843f09f8e0e5627df73be1f41608f4974bc6176f8049771848ac6b395", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "moment.min.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/modules/Calendar/fullcalendar/lib/moment.min.js", "md5": "2b7d0faf3728e2b30b55ace597e2a8a5", "sha1": "b765a4ad85bdef6c639116aaadc8acf3fada958d", "sha256": "0defdc819a00920beaa312fdc89a49ccf1f2a335044c59d2bfb11019f416438a", "evidenceCollected": { "vendorEvidence": [], "productEvidence": [], "versionEvidence": [] } }, { "isVirtual": false, "fileName": "highlight-base.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/highlight/highlight-base.js", "md5": "3c3f83d8b1baa815acff33388f428eaa", "sha1": "3f9112ec7f2173167bf738ada30782eef67b316f", "sha256": "226411365906bb206a7015eb94bccf1d8ec3d8bc9d3272b747a90a64d5e85e40", "relatedDependencies": [ { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/include/javascript/yui3/build/highlight/highlight-base-min.js", "sha256": "226411365906bb206a7015eb94bccf1d8ec3d8bc9d3272b747a90a64d5e85e40", "sha1": "3f9112ec7f2173167bf738ada30782eef67b316f", "md5": "3c3f83d8b1baa815acff33388f428eaa" }, { "isVirtual": false, "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/highlight/highlight-base-min.js", "sha256": "226411365906bb206a7015eb94bccf1d8ec3d8bc9d3272b747a90a64d5e85e40", "sha1": "3f9112ec7f2173167bf738ada30782eef67b316f", "md5": "3c3f83d8b1baa815acff33388f428eaa" } ], "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype-date_pl.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype-date_pl.js", "md5": "904c22a4893c7c5310d907081396706c", "sha1": "c2296c7a0e056901edc53425cf394b63eb603050", "sha256": "ab4828b789fae5f7f3e26c202b84ead3657b4e521005293ed49926a9c616d790", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] } ] }, { "isVirtual": false, "fileName": "datatype-date-format_es-US.js", "filePath": "/var/lib/jenkins/workspace/suitecrm-aws-pipeline/jssource/src_files/include/javascript/yui3/build/datatype/lang/datatype-date-format_es-US.js", "md5": "8d1029dc94965b05cca280f1f37ea565", "sha1": "74d8f86bd221fd01edfabb25735f856b4a4fc861", "sha256": "065bd39ad7cc3688ab2e82ade71f21c62846247d56e5a48b15eae5aa5c793b79", "evidenceCollected": { "vendorEvidence": [ { "type": "vendor", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "productEvidence": [ { "type": "product", "confidence": "HIGH", "source": "file", "name": "name", "value": "YUI" } ], "versionEvidence": [ { "type": "version", "confidence": "HIGH", "source": "file", "name": "version", "value": "3.3.0" } ] }, "packages": [ { "id": "pkg:javascript/YUI@3.3.0", "confidence": "HIGHEST", "url": "https://ossindex.sonatype.org/component/pkg:javascript/YUI@3.3.0" } ], "vulnerabilities": [ { "source": "NVD", "name": "CVE-2013-4939", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "MLIST", "url": "https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191107 [jira] [Created] (ZOOKEEPER-3609) Update lib yui-min: 3.1.0 due to security vulnerability" }, { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4939/", "name": "info" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4940", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4940/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.9:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.3.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.0.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.10:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.8:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.4.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.6:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.2.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.2:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.5.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.0:*:*:*:*:*:*:*" } } ] }, { "source": "NVD", "name": "CVE-2013-4941", "severity": "MEDIUM", "cvssv2": { "score": 4.3, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authenticationr": "NONE", "confidentialImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "severity": "MEDIUM" }, "cwes": [ "CWE-79" ], "description": "Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.", "notes": "", "references": [ { "source": "info", "url": "http://www.cvedetails.com/cve/CVE-2013-4941/", "name": "info" }, { "source": "CONFIRM", "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678" }, { "source": "CONFIRM", "url": "http://yuilibrary.com/support/20130515-vulnerability/", "name": "http://yuilibrary.com/support/20130515-vulnerability/" }, { "source": "CONFIRM", "url": "https://moodle.org/mod/forum/discuss.php?d=232496", "name": "https://moodle.org/mod/forum/discuss.php?d=232496" } ], "vulnerableSoftware": [ { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.10.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.7.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.4:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.9.1:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.1.7:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.3:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.6.0:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:moodle:moodle:2.2.5:*:*:*:*:*:*:*" } }, { "software": { "id": "cpe:2.3:a:yahoo:yui:3.8.0:*:*:*:*:*:*:*" } }, { "software": {